Our IT vision is to be one global IT team delivering world class expertise, innovation and agile technology solutions, whilst ensuring the stability and security of all our IT platforms and services. Our industry is evolving fast and our clients have new demands. Emerging technologies and applications are creating new opportunities for transforming client relationships. As an IT function, we embrace and respond to these challenges, collaborating more and more with lawyers and Business Professionals teams to improve the way we deliver to clients.
Alongside world-class legal careers, (COMPANY NAME) offers excellent opportunities in the support functions that underpin its business operations. By joining us in our Business Professionals Group, you will help us to innovate in the way we deliver our services and enable us to run a successful multinational business that never stands still. Business professionals are integral to the running of the firm and are critical to its success.
* The Security Architecture & Engineering Manager is the responsible authority with the requisite knowledge to work across a wide variety of portfolios providing Information & Cyber Security domain expertise and skills to help provide strategic technical direction that can optimise enterprise outcomes.
* This role will lead all efforts in the Information Security Architecture space specialising in Cloud and CI/CD architecture but will have oversight and management of Architecture, Engineering and Resilience resources, having direct reports from these areas.
* Primarily, this role focuses heavily on Clifford Chance's Cloud investments and leads its Agile Security approach, both internally and externally with our development partners.
* This role focuses on the implementation of Information and Cyber Security across multiple portfolios within the CC IT space. It is a key role in driving Information & Cyber Security transformation and helping to ensure that the end vision is being delivered in a secure and resilient way while focusing on the overall experience to the users.
* The Security Architecture & Engineering Manager will collaborate on the production of the domain architectural runway built to support future, current and near term business security and resiliency needs in both the operations and CI/CD environments.
* At portfolio level, the Security Architecture & Engineering Manager provides guidance relating to information and cyber security with regards to Business changes, changes in underlying technologies, emerging standards, competitive changes and other factors, which may drive the business in directions that are outside the purview of agile portfolios.
* To make sure that we are able to provide internal assurance across a range of services, platforms and offerings in their design and approach from an Agile and Cloud offering perspective.
* Maintain a high-level holistic vision of Information Security within enterprise solutions and CC development initiatives, both internally and externally with partners.
* Assessment, review and design of Global solutions with an emphasis on cloud based solutions in line with risk appetite.
* Application of working knowledge to SaaS, PaaS & IaaS cloud solutions.
* Have a strong knowledge of cloud solutions and demonstrable practical experience with Windows, Linux and networks including mobile and web based platforms.
* Have a working knowledge of Application Security Testing, identification of OS, Infrastructure, Application and Middleware security vulnerabilities and remediation with services such as Tenable, Qualys, Acunetix and Secure Code Assessment tools.
* Security knowledge should include container/cluster based solutions including Docker, Kubernetes, AKS and fundamentals of Data Science.
* The ability to help secure the Agile based CI/CD pipeline solutions and achieve MVP security offerings.
* Strong knowledge of approaches for Identity Management and federation including SSO options Okta, ADFS, RSA, SAML and MFA
* Have a working understanding of Cloud Acceleration, SD-WAN, DDoS and network based controls such as Zero Trust Networks, reverse proxies, Next Generation Firewalls, Web Application Firewalls, IPS/IDS, Conditional Access
* Be aware of Cloud based assurance and risk models and their application, including CSTAR Gold and other associated frameworks.
* Have knowledge of virtual and physical networking, including routing, switching, firewalls, DNS, encryption.
* Have a fundamental knowledge of Hardware Security Modules/Key vaults and key rotation.
* Understand Linux and Windows 2016 server concepts, including scripting, PowerShell and automation technologies
* Address Information Security innovation as part of the future of architecture.
* Synchronise the following across solutions whenever applicable:
- System, data security and quality;
- Production infrastructure;
- Solution User experience governance;
- Scalability, performance and other NFRs.
* Participate in Release Planning activities from an Information Security Perspective.
* Attend demos whenever critical redesign or foundation work is in progress from an Information Security perspective.
* Keep in touch with the reality of the day-to-day Information Security architecture work, listening to the feedback and issues raised by the domain teams to consider and reflect in the roadmaps.
* Understand and communicate strategic Information Security themes and other key business drivers for architecture to solution architects and non-technical stakeholders.
* Contribute an Information and Cyber Security perspective to wider architectural initiatives in the portfolio where applicable.
* Influence Information & Cyber Security best practices with regards to common modelling, design and coding practices, working closely with our application development teams and technical leads to ensure security across the portfolio.
* Ideally, an Information Security professional with both technical design and engineering expertise in a range of technologies as well as a good well rounded knowledge set of the Information & Cyber Security frameworks and principles.
* Extensive senior stakeholder management skills.
* Leadership skills and management capabilities.
* Excellent communicator, able to motivate, coach and mentor a strong technical team and stakeholders.
* Various levels of expertise in a particular Agile and Cloud architecture domain (application, data or infrastructure), with broad knowledge of the other architecture domains.
* Knowledge of architecture frameworks and methods such as The Open Group Architecture Framework (TOGAF) and the ability to develop and maintain personal architectural knowledge, skills and abilities.
In order to perform this role you will have solid experience in IT, a large portion of that in either a senior IT Security engineering role or architecture role working at senior level in a global organisation.
* Experience in leading and developing teams and functions with both on shore and off shore team members.
* Previous experience of working for a global professional service environment or corporate organisation such as legal/finance/banking.
* Solid understanding of multiple architecture and security tools, techniques and frameworks SAFe, CSTAR, TOGAF, SABSA, BSIMM, NIST, ISO 2xxx1 etc.
* Solid understanding of secure development principles for multiple delivery methods, Agile, Waterfall etc.
* Practical experience of Information Security Risk Management and Threat Management.
* The ability to champion Information Security Architecture principles at an enterprise level.
* Practical experience of working with Lean & Agile delivery tools such as Agile Central (or other similar tools e.g. JIRA, Confluence, Rally) is preferable
* Experience of developing IT roadmaps for specific business or technology areas.
* Experience of working with multiple, diverse technologies and processing environments.
* Ability to adapt security architecture plans to a variety of rapidly changing environments.
* Ability to build information and system resilience into every architecture plan or system to meet business requirements.
You will have a well-rounded knowledge of all Information Security & Cyber Security domains. Your architecture or engineering experience must be clearly demonstrable; you will have worked alongside architects and understand the requirements of architecture frameworks such as SAFe, Agile and TOGAF, as well as having an excellent understanding of Information & Cyber Security frameworks such as CSTAR Gold, NIST, Cyber Essentials and ISO2xxx1.
The ideal candidate will be Azure/AWS Architecture certified, CCSK Certified, and have qualifications in either Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
Interested? To find out more about what it is like to work at (COMPANY NAME) in London, please visit our careers site.
At (COMPANY NAME) we understand that our true asset is our people. We believe that each and every one of us should experience an equality of opportunity and an equality of experience here. We are always working to develop and deliver the best and most innovative approaches to make that happen. Inclusion is good for our team and their families, our firm and society.
We are therefore committed to treating all employees and job applicants fairly and equally regardless of their gender, gender identity and expression, marital or civil partnership status, race, colour, national or ethnic origin, social or economic background, disability, religious belief, sexual orientation, or age. This applies to recruitment and selection, terms and conditions of employment including pay, promotion, training, transfer and every other aspect of employment.
The firm will regularly review its procedures and selection criteria to ensure that individuals are selected, promoted and otherwise treated according to their relevant individual abilities and merits.
We have a number of initiatives and networks that support our aspiration to be the Global Law Firm of choice. These include our LGBT, Gender Parity, Ethnicity and Disability networks.