Technology

Security Architect

Location: 
Richmond United Kingdom
Hours: 
35 hours / week
Contract Type: 
Regular
Schedule Type: 
Full Time
Job ID: 
R15587

Reed Exhibitions is a leading global events business. It combines face-to-face with data and digital tools to help customers learn about markets, source products and complete transactions at over 500 events in almost 30 countries across 43 industry sectors, attracting more than 7 million participants.  Our events, organised by 35 global offices, leverage industry expertise, large data sets and technology to enable our customers to generate billions of dollars of revenues for the economic development of local markets and national economies around the world.   Reed Exhibitions is part of RELX, a global provider of information and analytics for professional and business customers across industries. www.reedexhibitions.com

RELX is a global provider of information-based analytics and decision tools for professional and business customers. RELX serves customers in more than 180 countries and has offices in about 40 countries. It employs over 33,000 people, of whom almost half are in North America.

Job Purpose:      The Security Architect will support the business by providing architectural leadership, guidance, and hands-on design provision to meet business needs across the global business. This will be either through direct architectural ownership or by influencing and guiding regional IT teams as appropriate.  

Introduction:

The Security Architect will be responsible for designing, building, testing, and implementing security best practices within Reed Exhibitions core enterprise products. The Security Architect will have a dotted line into the Head of Infrastructure and End User Computing Architecture and is expected to have a thorough understanding of complex IT systems and stay up to date with the latest security standards, systems and authentication protocols, as well as best practice security products.

Key Responsibilities: 

  • Contributing to Information Security strategy
  • Promoting 'security is codified' as a key platform principle
  • Reviewing configurations and Infrastructure as Code for security weaknesses
  • Provide consultation on designs and drive secure by design as a fundamental aspect of solution design
  • Participate in the identification and definition of initiatives and solutions to deliver the business strategy and significantly contribute to the development of the strategic roadmap for delivery, understanding and communicating where RX can benefit from selective service provision
  • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
  • Reviewing threat intelligence sources and perform threat hunting using existing / new internal tools
  • Acting as an SME for security related topics and issues for internal stakeholders
  • Helping manage security incidents & provide a response to identify, contain & resolve
  • Production of automated metrics to help drive the security strategy
  • Production of self-help guidance to allow technologists to make informed secure decisions
  • Mentoring and action as a role model for more junior members of the team

The above is intended to describe the general content of and requirement for the performance of this job. It is not to be construed as an exhaustive statement of duties, responsibilities, or requirements.

General Duties

  • Create presentations / solution briefs and articulate proposals to executives, key stakeholders, and technical colleagues.
  • Articulate complex solutions to various clients, senior stakeholders, and technical teams. It is therefore a must that the Security Architect has excellent communication skills as you will be interacting with the business daily.
  • Effective collaboration with other teams to guide and influence team members and business colleagues
  • Support the design, maintenance and enhancement of support procedures and operating policies where relevant
  • Any other BAU duties that the company could reasonably expect to be completed in the scope of IT operations

Qualifications:

  • University Information Security degree or equivalent.
  • Fluency in English is required; fluency in German, French, Portuguese, Spanish, Chinese or Japanese will be highly desirable.

Technical Skills and Attributes:

  • Industry certification such as CISSP, OSCP, CSSLP, CISA, SCNP, CCNA Security, and /or CEH
  • NIST CSF, PCI-DSS, ISO27001, access controls, web application security, data classification and handling, 3rd party security, and cryptographic techniques
  • Knowledge of industry standard architectural principles, e.g. TOGAF, Zachman or Equivalent Qualification would be beneficial
  • Experienced in Information Security domains including Security Architecture, Policy Management, Regulatory Compliance, Security Operations, and Incident Management
  • Understanding of how security controls impact Infrastructure Operations and Development functions
  • Ideally hands-on experience performing and interpreting application and infrastructure security testing

Essential skills and experience

  • An in-depth understanding of network, systems, and application security
  • Analytical/ Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance
  • Experience implementing industry best practice security standards in large organisations
  • Implementation of security tools, integrated with secure SDLC DevOps pipelines
  • Detailed knowledge across a broad range of security domains
  • Ability to identify emerging security threats
  • Solid project and time management skills
  • Strong written and verbal communication skills

Desirable skills and experience

  • Experience with the Mitre ATT&CK Framework
  • Experience within DevSecOps
  • Experience with container/orchestration tools
  • Experience in CI/CD - Deployment pipeline experience (Jenkins, Ansible, Terraform)
  • Experience with different hosting technologies (Adobe AEM/AWS/ Azure/ On-premise)
  • Understanding of Windows and Linux infrastructure

Knowledge of some of the following is useful:

  • Static Application Security Testing (SAST) tools (e.g. SonarQube, Codacy, AppScan)
  • Dynamic Application Security Testing (DAST) tools (e.g. Acunetix, Detectify,Checkmarx)
  • Salesforce.com

Trim content

© Copyright Reed Exhibitions 2021 

White-TM.PNG

Back to top