Security Analyst Architecture & Engineering at Sourcefit

Position Summary:

The Cyber & Information Security Analyst Architecture & Engineering is responsible for delivering the client’s Cyber Security Architecture and Engineering capability, working with line management to set the architectural vision, roadmap, and standards in line with the Company’s policies and frameworks, and to deliver effective change activities supporting the UK&I business strategy.

The Cyber & Information Security Analyst Architecture and Engineering serves as a key member of the UK&I CISO, wider UK&I Digital & IT and Group community, with delegated responsibilities associated with the design and delivery of applications and systems that are secured by design. Keeping up-to-date with security threats that have the potential to adversely affect the client’s Manufacturing & Industrial businesses, ensuring adopted cyber security architectural frameworks are fit for purpose and evolve to counter such threats. Ensuring appropriate Information, IT and OT capabilities and controls are incorporated into architectural designs to protect the client’s Manufacturing & Industrial businesses from internal and external cyber threats. Taking responsibility and ensuring local programmes and projects adhere to Group enhance cyber and information security, mitigating existing and emerging security risks.

Job Details:

• Work from Home
• Monday to Friday | 8 AM to 5 PM UK Time
• *Following UK Holidays

Responsibilities:

• Contribute to defining and delivering a Cyber & Information Security Strategy that supports the company's Business and Digital Transformation plans. In addition, support the effective delivery of Group-led Cyber & Information Security Hardening initiatives.
• In collaboration with the Manager and UK&I CISO organization, help define a target state security architecture and identify incremental and strategic change initiatives (with estimated effort and cost) to migrate to the target state.
• Conduct continuous assessments of current Digital & IT and Industrial systems and processes, identifying areas for improvement using next-generation solutions for which you will lead the secure design and in collaboration with other departments, implement through effective planning, resource management, and cost control.
• Support all UK&I project initiatives ensuring the company’s existing security frameworks such as the ‘Project Security Assessment Tool’ (PSAT), Security Insurance Plan (SIP), and Minimum Security Requirements (23 Infrastructure, 25 Web & Application, and 28 Industrial) are completed and integrated into the Product Delivery Lifecycle.
• Maintain awareness and knowledge of vendor space, current and emerging technologies, and services of interest and relevance to the maturity and continuous improvements of the UK&I and Group catalog of security services.
• Engage with various stakeholder groups and committees across Digital & IT, Industrial, and Group to provide subject matter expertise and advice on all matters of cyber and information security architecture, and secure commitment to support strategic and tactical security initiatives.
• Provide consultancy for technology implementation – ensuring that legislative (privacy, data protection) and security (policies, minimum security requirements, PSATs, etc.) factors are considered to safeguard the company’s information assets.
• Act as a contact for security architecture & engineering project-related escalations.
• Support the Cyber & Information Security GRC Lead to undertake technical threat and risk assessments/reviews of IT and the Industrial business environments.
• In collaboration with line management and the CISO department, develop actions and plans with Digital & IT and Business leaders to address identified security exposures, through effective planning and execution with the help of supporting functions.
• Keep up-to-date with the latest threat information, risks, and technologies, and implement adequate detective, preventive, and corrective security controls seeking internal (Group) and external advice where necessary.
• Work closely with the Development department to ensure the ‘Low Code’ ‘No Code’ strategy and associated platforms incorporate effective security by design methodologies assuring that known security weaknesses i.e. OWASP top 10 are addressed and tested in advance of system migration to production.
• Ensure that you fully comply with Saint-Gobain’s Data Governance Policies as they relate to your area and demonstrate in your day-to-day work that you treat data as an important corporate asset that must be protected and managed.
• Maintain Saint-Gobain’s compliance standards and in collaboration with the CISO and CISO department, ensure timely completion and submission of all local and group-driven reporting requirements.
• In collaboration with the Group, ensure that all architecture designs established to ensure the safe and secure Acquisitions and Divestments are completed in line with Group directives, whilst minimizing the introduction of any new security risks to the company.

Qualifications:

• Degree in business administration or a technology-related field.
• Industry-recognised security certifications, such as TOGAF/SABSA/CISSP/CISM or equivalent are desirable but not essential, though attainment will form part of personal development objectives.
• Experience in a combination of network and or infrastructure design, information security, and Digital IT jobs.
• Knowledge of information security management frameworks, such as ISO/IEC 27001, and NIST are beneficial but not essential.
• An understanding of the evolving threat landscape and the ability to translate an emerging threat’s likelihood of exploiting inherent weaknesses, and business impact and therefore articulating calculating overall risk and developing risk mitigations - is beneficial.
• Methodical approach to architecture design inclusive of threat assessment and treatment.
• Ability to work under pressure and manage multiple priorities simultaneously.
• Excellent written and verbal communication skills and a high level of personal integrity.
• Self-motivated and ability to work on own initiative toward business improvement.
• Analytical skills and ability to assimilate information.
• Relationship builder and good networking skills.
• General understanding of Risk Management and Risk-based decision-making.
• Experience with third-party assurance and contract negotiations.
• Experience with Project Management and Development methodologies, such as Agile.
• Broad technical Digital IT and Industrial experience including Cloud computing, websites, ERP, big data, ICS, and SCADA systems.
• Good standards in quality and integrity towards the delivery of information.