Enterprise Security Architect

Date: 07-Dec-2021

Location: GB, S49 1HQ

Company: Royal Mail Group

Job reference number 231421

 

Enterprise Security Architect

PNB00

Full time

Permanent

Remote UK

Job title – Enterprise Security Architect


We’re passionate about harnessing technology to deliver the best possible results for customers. The business is in an exciting period of transformation and here, within security, we are influencing and helping drive that change as new services and ways of working are defined and delivered. 

With a proud history of serving the UK, Royal Mail has been able to thrive by continuously adapting and adopting advanced technology and, with over 30 million customer touch points per day, 25,000 end user computers, 70,000 PDA’s supported by both on premise and Cloud platforms - we operate at scale.

 

At Royal Mail Security, we have a leading role in taking the next steps. Our customer and workplace vision for the future is ‘Anytime, Anywhere, Any Device’ and security are a key enabler to accelerating that change and providing safe and secure services – this is the future for our workplace and not just a pandemic response.


With so much growth in parcels and e-commerce and the technology used to deliver our services, we need talented, change focussed people, like you, to help us get there. We know how to support business and communities - and we need to be agile to enable the business to achieve our goals. We’re focusing on investing in the security, technology, processes and people that are going to help us achieve great things together. By joining the RMG Security team, you will be driving meaningful change, pushing forward our transformation as an agile and customer focused team. We face new challenges every day. But we overcome them together, which brings incredible satisfaction and reward as we deliver more innovation, products and essential services for the UK and our customers.


Job Purpose

 

The Enterprise Security Architect is responsible for contributing to the security of RMG technology and information systems as it develops, procures, and uses technology and supporting processes in a pragmatically secure way within business risk appetite and RMG budget tolerances. The role supports the Head of Architecture & Engineering as a key senior broker between all technology teams in Group Technology, the businesses they support, and the Security Operations and Cyber Risk Management teams.


You will need to have the ability to apply complex technological issues to the business context and ensure that the business gets what it needs to succeed without exposing RMG to unacceptable risk or threats. This is not a role for a purist, the role holder needs to pragmatically balance competing agendas and tensions to deliver acceptable security not perfect security.


In this role, your key accountabilities will be:

 

  • Strategic Focus. Provide subject-matter expertise and leadership to the delivery of projects in support of RMG’s Cybersecurity strategy and ensure that risks are being managed in line with the Board’s Risk appetite. This includes supporting and contributing to the development and deployment of strategic security architecture blueprints and technical security standards across RMG and to Business Partners and Service Delivery
  • Stakeholder management. Able to engage and influence mid and senior stakeholders across Technology and business units with the ability to explain complex issues in simple language, and to stimulate second and third order thinking (i.e. what does this information mean to us as a business and therefore our risk picture vs our appetite?) 
  • Effective Security Advice. The role holder will ensure that RMG’s change and BAU renewal programmes receive timely, accurate and pragmatic security advice that position security as a business enabler not a compliance function.   This includes supporting the Architecture Concurrence Process in order to make appropriate provisions for embedding security architecture principles.
  • Pragmatic Security Architecture. The role holder will support, and as directed, lead the integration of security considerations into the fabric of RMG’s software development and adoption, and its infrastructure and platform adoption. This requires a business and technology horizon which spans significant parts of RMG and involves significant stakeholder engagement where technological credibility combined with clear communication is vital.
  • Threat and risk modelling. The role holder will perform threat modelling and security impact assessments in order to support development of security architecture blueprints and specify risk-based high level and detailed security requirements.
  • Security Architectural Alignment. The role holder will ensure compliance with RMG Security Architecture for applicable Solution Architectures by supporting and guiding projects throughout development and understand and use the methodologies required to effectively deliver the Security Architecture across RMG.
  • Ability to innovate. This role requires creative thinking to make a significant contribution to the development of security architecture and patterns which leverage vendor, opensource and RMG developed technology applications and infrastructure. This includes tracking emerging technologies & standards, pilot, and adopt as appropriate in agreement with the business security related technological innovation. This needs to be done in sympathy with agreed budgets and timelines.
  • Commercial awareness. The role holder must use their professional curiosity to understand RMG’s revenue generating business lines, their supporting functions and how technology enables these, in order to deliver appropriate security in support of their business goals. 
  • Continuous Improvement. The role holder will contribute measuring and improving the maturity and effectiveness of RMG Security Architecture and alignment with security architecture best practices. This includes participating in the development of security technologies and processes and supporting efforts to improve the maturity of RMG Security Controls through continuous collaboration with suppliers and other RMG business areas (e.g. Security Operations, Infrastructure and Service Introduction).

 

Qualifications and experience required:

 

 

  • Expert knowledge of Cybersecurity architectural practices. 
  • Expert technical knowledge of Security Architecture across all domains with a strong focus on Virtualisation and Cloud (Azure, GCP or AWS), Server, Desktop, Network, Storage, O/S, and Database.
  • Expert knowledge and understanding of Cybersecurity architectural principals and methodologies.
  • Ability to work at senior technology level and ensure that tactical activity supports the strategic picture.
  • Commercial experience from product selection and contract negotiation through to vendor relationship and service management. 
  • Agility of thought and comfort with complexity, together with the patience and resilience to overcome change inertia. 
  • The will to succeed in support of the business’ goals and to align potentially competing agendas to effectively manage Cybersecurity risk within the business risk appetite. 

   

Advantageous Qualifications:

 

  • Likely to be educated to degree level with a broad knowledge of Technology and cyber security
  • Recognized security architecture related qualifications e.g. SABSA, TOGAF, CISSP-ISSAP, CCSP
  • Any relevant Security Operations certifications e.g. CISM, CRISC, SANS, CompTIA, GIAC, CEH, OSCP.
  • ITIL or related qualifications a bonus.
     

 

TECH YOU’D NEVER EXPECT


We’re evolving, transforming and working together to innovate and provide a service our customers can trust. This is tech you’d never expect from Royal Mail. 

We are an inclusive employer with equality, diversity and fairness at the heart of our values and we’re proud to be recognised in The Times Top 50 Employers for Women 2020 for a 7th consecutive year. We welcome applications from individuals from diverse backgrounds and are committed to promoting fair participation and equality of opportunity for all our job applicants. 

We are happy to support flexible working and would welcome having a conversation with you about how we could support your needs. The way we work is evolving and needs to suit everyone, working with us, you can create a flexible and accessible solution that helps you do your best work.

 

 

For more information on Royal Mail Group click here

 

 


Job Segment: Architecture, Engineer, Risk Management, Information Systems, Security, Engineering, Finance, Technology