Enterprise Security Architect
London, United Kingdom
ASOS
Discover the latest fashion trends with ASOS. Shop the new collection of clothing, footwear, accessories, beauty products and more. Order today from ASOS.
Company Description
We're ASOS. We blend our flair for fashion with our love of cutting-edge technology, but more importantly we're interested in how we can bring the best out of you.
We exist to give people the confidence to be whoever they want to be, and that goes for our people too. At ASOS, you're free to be your true self without judgment, and channel your creativity into a platform used by millions.
We are currently seeking an Enterprise Security Architect to join the wider Architecture function at ASOS. This position will directly report to the Head of Architecture while supporting the CISO to meet the specific security needs of the business. At ASOS the security function incorporates information security, physical security, and fraud prevention.
Job Description
Day to Day Responsibilities:
- Accountable for leading the Security Architecture domain, performing an architecture and consultancy role, as well as providing thought leadership, liaising with the architect community and other senior IT and Business partners to guide them in security related architectural and strategic matters.
- You will be leading a team of Security Architects, owning the security strategies for ASOS.
- Develop security architecture and technology solutions to address the current and emerging security and compliance requirements of the organisation. You will help ensure enterprise information is secured by determining security requirements; planning, implementing, and testing security systems; preparing security standards, policies, and procedures; mentoring team members.
- Review the existing security architecture, identifying design gaps, and recommending security enhancements. You will ensure alignment between security architecture frameworks and standards with overall business strategy.
- You'll be assisting with the preparation and presentation of business cases for strategic initiatives to senior management for funding approval. Where this is cross-domain, it will require collaboration with peers and be led by the Chief Architect.
- There will be day-to-day management functions for direct reports such as performance management, workload management as well as developing career and capability of the existing Security Architects in your team.
- This is a highly collaborative/facilitator role. You will be required to operate at several different levels: from working with various architect roles at differing seniority, to working very closely with the CISO and Security Team and contributing to the Information Architecture governance activities. You will also work closely with the Secure Development engineering team.
Qualifications
Getting to know you:
- We are looking for an existing senior Security Architect, working in a cloud environment.
- Your experience includes Security Architecture strategy and design and working effectively within application security, including secure application development (security in SDLC phases) and architecture.
- You will have demonstrable experience of Operational Technology Security (e.g. IEC 62443, NIST 800-82) and regulatory compliance and information security management frameworks (e.g. ISO 27000, COBIT, NIST 800, etc.).
- Experience in the following during your career: Network Security, Network Hardware Configuration, Network Protocols, Networking Standards, Supervision, Conceptual Skills, Decision Making, Informing Others, Functional and Technical Skills, Dependability, Information Security Policies.
- You will have experience in Attack Surface Analysis, Threat Modelling, Static Analysis, Dynamic Analysis & Architecture and Design reviews.
- You will have good knowledge of secure coding standards (CERT/OWASP/SANS/WASC/MITRE) and understand the most appropriate cryptographic techniques and how they should be used by commercial organisations.
- You will have familiarity with or experience of architectural frameworks such as TOGAF and Zachman, and previous experience in retail would be beneficial to help you rapidly add value in your exciting journey at ASOS.
- You will have experience of mentoring, coaching and line managing others to become the best they can be.
- Ideally, you will hold industry recognised security certifications such as CISSP, CISM, ISSAP, SANS, etc.
Additional Information
What's in it for you?
- Competitive salary, pension, and private medical care scheme
- Performance related bonus
- Flex benefits allowance - which you can choose to take as extra cash, or use towards other benefits
- 25 days paid annual leave + an extra day for your birthday
- Employee discount (hello ASOS discount!)
- Tech Develops - our internal tech focussed skills development programme to focus on your personal growth as a technologist
- Opportunity to represent ASOS at industry leading events
- Opportunity to help shape and drive our DE&I initiatives in Tech (like our WIT movement and Diversity mentoring in Tech)
- Opportunity to make an impact from day one and work with the latest in cutting-edge technology
We want our people to be whoever they want to be. That’s why we’re committed to creating a truly inclusive culture at ASOS, but how are we doing it?
Through our Fashion with Integrity strategy we are driving diversity, equity and inclusion across every aspect of ASOS and ensuring every ASOSer can be their authentic self at work. We want our people to be whoever they want to be, because we believe people who bring their best selves to work, do their best work.
We’re proud members of Inclusive Companies, are Disability Confident Committed and have signed the Business in the Community Race at Work Charter. We’ve also recently been placed 8th in the Inclusive Top 50 Companies Employer List too.
There are safe space employee networks and we host a monthly DEI events series to help support and celebrate all of our people. We are constantly listening to our people, evolving, changing and taking a flexible approach to how we make ASOS truly inclusive.