IT Risk & Security Architect

70000

Overview: Join a dynamic team at our client, where innovation and collaboration drive their mission to redefine automotive excellence. Since the inception of Project Grenadier in 2017, the company has experienced rapid growth, transitioning from a startup to a thriving enterprise. With their pioneering spirit, they've achieved significant milestones, including the successful launch of their flagship vehicle. As they embark on new ventures, including their first all-electric vehicle, they're seeking talented individuals who share a passion for innovation and excellence.

The Role: As an IT Risk and Security Architect, you will play a pivotal role in ensuring the security and integrity of our digital infrastructure. You will collaborate with cross-functional teams to establish and maintain a robust risk management framework aligned with industry standards. Your responsibilities will include conducting threat and risk assessments, designing security architecture, and assisting in the implementation of information security policies and processes.

Key Responsibilities:

  1. Establish and maintain a risk management framework aligned with NIST, IRAM2, ISO, and GDPR standards.
  2. Maintain the information security risk register and oversee its migration to a dedicated risk management platform.
  3. Monitor and report on security risks, propose mitigation strategies, and ensure their implementation.
  4. Consult with senior technology and business leaders on information security risks and best practices.
  5. Lead internal information security audits, including ISO 27001 and ISO 22301 assessments.
  6. Design and implement a third-party assurance framework to oversee risks across the ecosystem.
  7. Conduct threat and risk assessments to ensure adherence to security architecture and privacy best practices.
  8. Develop high-level and low-level security architecture designs.
  9. Audit the security architecture of existing information systems and define security requirements.
  10. Assist in identifying and managing responses to information security threats and breaches.
  11. Support the implementation and management of information security solutions.
  12. Assist in achieving ISO 27001 certification and perform technical security assessments.
  13. Establish and maintain effective relationships with senior stakeholders and participate in the global security team.

Requirements:

  • Minimum of 5 years of information security operations experience in a multinational organization.
  • Professional IT/security qualifications (CISSP, CRISC, CISM, CISA, GSEC) or equivalent certification.
  • Relevant architectural experience, including knowledge of NIST, SABSA, TOGAF, or equivalent frameworks.
  • Experience with Cloud Platforms, Azure DevOps, Active Directory, Windows and Linux servers, SQL Server, Firewalls, WAFs, End Point Security, Virtualization Technologies, Mobile Device Management, VPN.
  • Excellent knowledge of information security risk management frameworks and compliance practices.
  • Familiarity with NIST CSF and 800-53, ISO 2700X, SOC2 security frameworks.
  • Ability to assess information system processes and technologies for threats, vulnerabilities, and risks.
  • Strong communication skills and the ability to articulate technical information security issues in business terms.
  • Resilience and the ability to challenge senior stakeholders and third-party vendors on security matters.
  • Proficiency in cloud security best practices (IaaS, SaaS, PaaS) with Azure/AWS experience preferred.
  • Basic networking knowledge and expertise in network security.
  • Ability to work collaboratively within an extended IT security team and build productive relationships with stakeholders and suppliers.
  • Excellent oral and written communication skills.