The Head of Security Architecture and Engineering will be responsible for enhancing and leading Clyde & Co's global Security Architecture and Engineering function. The function is responsible for ensuring that the design of business solutions meets security and compliance mandates.

The Head of Security Architecture and Engineering will partner with stakeholders across the organisation to securely achieve the functional requirements of business initiatives and be the technical authority on information security architecture within the Clyde & Co.

The focus of this role will be to help us mature our Security Architecture and Engineering capability by effectively engaging with IT, business stakeholders and third parties to efficiently design and implement effective security solutions.

This is an exciting opportunity to help us build a high performing Security Architecture and Engineering function and will report directly to the CISO.

Key responsibilities

As the Head of Security Architecture and Engineering this role will be accountable for the definition, maintenance, and implementation of the security architecture in support of the business and technical architecture. The role is also accountable for ensuring that a Security by Design approach is taken with new programmes, projects, and major change initiatives to deliver security assured and compliant solutions. The successful individual will be able to identify emerging technical risks and associated remediation responses to anticipate and address avoidable security events and incidents. This will include network security, application security, cloud security and endpoint security. Primary responsibilities include:

Security Architecture and Consulting

• Providing security subject matter expertise and consulting to all new initiatives to ensure positive security outcomes are delivered, including the early definition of security controls required, definition and implementation of clear secure development design principles and developing a Security Testing & Assurance capability
• Implementation and management of a stringent Secure Development Lifecycle programme, aligned to the Clyde & Co project methodology, to ensure the effective security governance of Clyde & Co.'s application portfolio.
• Ensure that relevant security policies are in place, reviewed and applied effectively.
• Participate in the architecture review board (ARB) to provide guidance on the architecture and design of security solutions for applications or systems
• Lead the continuous identification of technical risks and threats to our network security provisions.
• Accountable for the definition, maintenance and implementation of network security controls and technologies.

Security Architecture and Engineering

• Providing input to the global security strategy & investment plan creation and maintenance.
• Lead the definition, review and implementation of the cloud security architecture and supporting controls to ensure that security is built into the design of our cloud technology and services.
• Identify opportunities to standardise and simplify our security technology stack by leveraging native cloud capabilities.
• Lead key security architecture and engineering transformation projects designed to enhance our current measures and protect Clyde & Co against our key threats.
• Build strong relationships with the rest of the cyber security and wider IT teams to collaborate on initiatives and raise awareness of the technical threat landscape.
• Review and improve hardening security standards for endpoints, server, firewalls etc, to aligned with good practice.
• Enhance and implement endpoint protection and monitoring solutions.
• Review data egress and ingress points and identify opportunities enhance current controls and technologies to effectively protect and monitor data leaving the organisation.
• Ensure that data leakage protection measures are defined, designed, and implemented to minimise internal data leakage incidents
• Collaborate with the Security Operations team in the assessment of new technologies and products for IT and business solutions.

Leading the team

• Identify resourcing requirements and hire, train and retain our security architecture and engineering team.

Experience and skills required

The ideal candidate will have the following experience and skills:

• 5+ years of technical security architecture and engineering experience in a global security function.
• 2+ years of experience in leading a global security architecture and engineering function.
• Expert-level knowledge of security principles and technologies.
• Experience designing and implementing security solutions with a specific focus on cloud solutions.
• A sound understanding of emerging threats and industry trends.
• Strong interpersonal, communication and influencing skills with the ability to operate and communicate effectively at all levels.
• Experience with cloud networking architecture and operations as well as security automation and orchestration.
• A sound understanding of Information Security Forum Standard of Good Practice (ISF SOGP). ISO/IEC 27001/2, NIST and OWASP Top 10.
• I deally knowledge of the legal industry but not essential.

Education

• A technical degree and / or industry recognised qualification and demonstrable experience in Information Security Management (e.g. CISSP, CISM or GIAC certification).
• Demonstrable experience in architecture and engineering principles (e.g. SABSA, TOGAF).

Clyde & Co shifted to virtual work for the majority of our lawyers and business services team with the global outbreak of Covid-19. This precaution was taken to help protect our people, clients and communities. It is likely that this role will start virtually while the firm continues to evaluate the situation.

-Principals Only-

We offer a rewarding work environment that supports professional growth and opportunities. We value diversity in our work place and it is the policy of the Firm to recruit, hire, promote, reassign, compensate and train highly qualified persons without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin, age, disability or any other basis protected by applicable law.

CLYDE & CO PRIVACY NOTICE: https://www.clydeco.com/help/privacy