Vacancy Details
Head of Security Architecture
Job Description
The Head of Security Architecture leads the Security Architecture team and is responsible for defining and communicating the ISO/ICT Security Architectural Framework, including policies and standards, across the organisation.
They, and their team, will provide ongoing advice and guidance to technical teams, projects, and programmes to enable security related decision making and ensure adherence to the framework.
Supporting the CISO, the role will assist in the definition and evolution of the Security Strategy to deliver the Digital Strategy. This will cover leading the definition of security requirements and design for data, application, and infrastructure architecture, and defining cyber security patterns, policies, and standards to shape solution designs.
The role also represents security architecture in technology governance and assurance meetings and will engage with the wider ISO/ICT Enterprise Architecture, Solution Architecture and Solution Design teams.
The role oversees the organisational approach to Secure by Design.
Principal Accountabilities
Leadership and Team Management
• Lead the Security Architecture team.
• Support the development of the Security Architecture Career Path and Community of Practice, championing security best practice within ISO/ICT and the wider organisation.
Strategic Direction
• Lead the definition, development, and maintenance of the organisation's Enterprise Security Architecture and overall strategic approach to security architecture, including vision, strategy, principles, policies, standards, and best practice, working alongside other architecture specialist teams in both IT and OT domains.
• Develop and enhance technical security policies and standards, based on sound security architecture practices, including guidelines, templates, and other reference materials (e.g. physical, logical, conceptual designs), to enable the secure development of IT and OT systems.
• Support strategic projects with significant security architecture requirements.
• Make security control recommendations and identify the most suitable security-related solutions to enable ISO/ICT strategy.
• Contribute to the building of a more security conscious organisation, providing advice and recommendations across the Sellafield Ltd business, solving unprecedented issues and problems.
• Be recognised as an expert and maintain cutting-edge expertise of Cyber security trends, vulnerabilities, and threats, providing recommendations to minimise operational and reputational risk.
• Research, identify, validate, and adopt new technologies and methodologies.
• Oversee the organisational approach to Secure by Design.
Stakeholder Management
• Consult, advise or oversee the design of key IT systems, applications, data, and infrastructure projects to ensure alignment with enterprise security architecture standards.
• Act as a point of escalation for security-related architectural insight.
• Influence key organisational and architectural decisions and interact with senior stakeholders to reach and influence a wide range of people across the organisation.
• Provide representation on behalf of the CISO at key strategic forums, such as the technical design authority, in order to provide security assurance for major decisions.
• Educate internal customers on security risk and best practices.
Business and Financial Performance Management
• Engage with the CISO and Head of Architecture to report on the Security Architecture team’s performance and measure the business benefits of security investments.
• Prepare and manage the budget for the Security Architecture team in line with ISO/ICT expenditure goals and financial controls.
Governance, Risk Management and Assurance
• Lead security-related quality assurance throughout the project delivery lifecycle to ensure adherence to the Security Architectural Framework.
• Identify and deliver appropriate metrics to drive security architecture compliance.
Knowledge & Experience
Personal Attributes
• An effective communicator, able to accurately translate security and risk implications at the most senior levels across technical and non-technical stakeholders.
• Adaptable, able to successfully respond to challenges and manage stakeholder expectations across high risk and complexity, or under constrained timescales.
• A strategic thinker, able to provide direction, embrace a systems-view, and lead on change based on an assessment of the technical environment and acceptable risk levels.
• A team-player and leader, able to influence and guide others on best practice and provide recommendations and challenge in design reviews.
• An analytical thinker, able to understand and articulate the impact of vulnerabilities on existing and future designs and systems, and how easy or difficult it will be to exploit them.
• High attention to detail and personal integrity, a point of escalation trusted by senior stakeholders to apply and communicate risk methodologies effectively.
Essential Skills
• Degree or equivalent qualification or extensive experience in a relevant field, such as computer science, information systems, or a technology security discipline.
• Demonstrable leadership experience in an IT architecture or security architecture role.
• Effective communicator, able to distil complex technical concepts for non-technical audiences.
• Expert understanding of security concepts and the latest technology security requirements.
• Detailed knowledge of system architectures.
• Experience working with common security technologies, including the M365 security stack, Sentinel and Azure.
• A track record delivering security solutions and technologies from design to operation.
• Deep technical knowledge, able to operate at the highest levels of risk complexity.
Desirable Skills
• Experience with other architecture frameworks, for example:
o Sherwood Applied Business Security Architecture (SABSA)
o Zachman Framework
• Hold an industry-recognised security accreditation, for example:
o National Cyber Security Centre Certified Cyber Professional qualification / UK Cyber Security Council Chartership Title
o Certified Information Systems Security Professional (CISSP)
o Certified Information Security Manager (CISM)
o BCS Enterprise / Solution Architecture certification.
• Experience working with UK regulatory frameworks, for example:
o Nuclear Industries Security Regulations (NISR)
• Understanding of Sellafield Ltd, including its operations and ICT estate or equivalent.
• The Open Group Architecture Framework (TOGAF) certified.
• Membership of the CIISec or British Computer Society or other equivalent professional body.
Additional Information
• Open VN
• Number of Vacancies: 1
• Contact/s: David Marshall
The interviews for this vacancy are expected to be between week commencing 27th January and week commencing 3rd February 2025.
ASWs may have the right to apply for internal Sellafield Ltd vacancies. Please note that if you are an Agency Supplied Worker you are required to attach evidence of all qualifications obtained to support your application. We require a minimum of A*-C GCSE in English, Maths and Science/IT or an equivalent or higher qualification.
If you choose to apply for this role and your application is shortlisted by the hiring manager, you will be invited to a competency-based interview. In the interview, you will be assessed against the competencies below:
Behavioural:
1. Effective communication
2. Leading Change
3. Problem Solving
Technical:
1. Security Architecture
2. Cloud Security
Please see link to the competency framework for further information:
https://slportal.ssa-intra.net/pub/SC001/00027/Competency%20Framework/Forms/AllItems.aspx
If your technical competency is not in the above framework, please refer to the profession's SharePoint page for further information.
During the interview, you will also be expected to give a 5 minute verbal presentation (no slides) on the following topic:
‘Government has mandated that public sector organisations adopt the Secure by Design initiative. What key challenges are you likely to encounter, and what strategies to overcome these would you deploy in a critical national infrastructure organisation like Sellafield?’
Sellafield Ltd is recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants who meet the minimum criteria for a vacancy. Sellafield Ltd defines the minimum criteria as the ‘essential skills’ listed on the vacancy notice. While completing your application form, you will be able to indicate if you wish to be considered under the Disability Confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk.
Please ensure that you save a copy of this advert for future reference if you make an application for this role.