IT Security Architect

Harris Global
London (Central)
From £80,000 to £90,000 per annum Benefits + Bonus
12 Oct 2016
20 Oct 2016
Contract Type
IT Security Architect

Harris Global is currently recruiting for a global insurance house based in Central London with a global presence. The role will identify, evaluate, report on, and manage third party information security risks. The position requires in-depth knowledge of information security concepts and controls, with a strong understanding of risk management principles and various technologies. This role is accountable for understanding complex technology and line of business projects, identifying information security risks, analyzing complex security issues, performing and documenting risk assessments, and providing sound guidance to stakeholders to mitigate risk.

Key Responsibilities:

· Independently execute information security due diligence on third parties during varying phases of the third party risk management program
· Lead discussions with various resources to understand inherent information security risks presented by technology or business projects involving third parties (e.g., data exposure, criticality, process dependencies, etc.)
· Evaluate third party administrative, technical, and physical controls through utilization of information security standards and frameworks
· Develop and socialize detailed risk assessment reports that effectively communicate risks and associated recommendations in a manner that enables informed decision making
· Translate information security terminology into terms understandable to diverse groups
· Promote ownership of risk with various stakeholders
· Identify risks for escalation where appropriate
· Maintain adequate documentation pertaining to work performed
· Track and facilitate the resolution of open action items
· Interface with procurement, legal, and third parties to formalize, review, and negotiate information security requirements in agreements
· Build and sustain collaborative relationships with multiple constituencies

Experience:

· High level of business acumen, preferably in a regulated/financial industry
· Five years of information security experience with a focus in control assessment/design, governance, risk management, program development, compliance, and/or auditing
· Expert-level knowledge of both the business and technical aspects of information security, including third party security risk and European data protection regulation
· Ability to understand and analyse complex business processes and technologies to make sound recommendations to non-technical constituents
· Strong broad-based technical background (distributed/mainframe, database, web-based application development, etc.)
· Strong risk-based analysis and decision making skills
· Experience interpreting and applying information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.) or attestation reports (e.g., SOC 1/2)
· eGRC system or similar system administration experience a plus
· Experience reviewing and redlining agreements is a plus

Qualifications:

· Bachelor’s degree or equivalent work experience
· Certification such as CISM, CISA, CRISC, CCSP, CISSP or CIPP is a plus

This job was originally posted as