Security Architect

Company Description

Evelyn Partners is the UK’s leading integrated wealth management and professional services group, with over 186 years of experience in helping generations of people and businesses to thrive. We offer an extensive range of financial and professional services to individuals, family trusts, professional intermediaries, charities and businesses.

We provide an award-winning service for our clients by employing the best people. Join us on our mission to place the power of good advice into more hands because we believe that everyone deserves access to good advice, regardless of where they’re at in their financial journey.

An exceptional track record of growth and innovation is driven by our core values of: Personal, offering advice based on a true understanding of what matters to our clients; Partnership, working with our clients in a joined-up, collaborative way; and Performance, demonstrating a breadth and depth of advice expertise to deliver first-class results.

Read more about us and available career opportunities here:

Wealth, accountancy and business advisory services | Evelyn Partners

Careers | Evelyn Partners

Job Description

The Security Architecture/ Manager will be responsible for developing, implementing, and running our security engineering and operations processes.

This role will involve overseeing security design/architecture of our security tooling; GRC, security engineering (Software/DevSecOps & Platform Infrastructure), security operations (including 24/7 SOC) and threat intelligence/vulnerability management.

They will also be responsible for liaising with the Portfolio, Architecture and Solution Design boards to ensure that new change requirements/designs are triaged for security impact and ‘secure by design’ by adhering to our baseline security controls. Working with an internal team of 12 security professionals, along with 3rd party support partners, the successful candidate will play a critical role in ensuring the security of our systems, networks, and data.

• Develop and implement information Security Design Principles, Baselines & Standards: Formulate and execute a long-term security operations strategy aligned with the organisations goals and industry best practices. 
• Security Design & Technology Evaluation: Complete Threat Modelling and Security Design/Review activity for business and technology solutions. Evaluate and recommend security technologies and solutions to improve the organisation's security posture.
• Project/ Programme: Be the security point of contact for business and technology change. Understanding requirements and providing impact assessments/costs associated with security’s involvement in the project
• Security Operations: Provide support and guidance to enhance operation tooling/automation and provide expert knowledge to incident response teams when required.
• Compliance and Risk Management: Ensure compliance with industry regulations, standards (e.g., Cyber Essentials, NIST, GDPR, HIPAA, ISO 27001), and internal policies. Identify and assess security risks and develop risk management strategies.
• Security Awareness and Training: Support development and delivery or technical security awareness programs to business and DTS technology managers/professionals about cybersecurity best practices and threats; build a security culture.
• Vendor Management: Evaluate and manage third-party security vendors, products, and services to ensure they are adhering to agreed SLAs and adding value to our organisation
• Continuous Improvement: Incept and lead delivery of security improvement initiatives and changes following internal processes to improve the security posture of our environment and maturity against frameworks such as NIST
• Collaborate with the wider Digital Technology Services (DTS) teams such as Infrastructure, Service Management, Data & Analytics and Engineering/Development teams as well as teams outside of DTS to ensure security supports the achievement of business objectives
• Team Development: Act as a security/technical mentor to the wider security team. Act as technical/engineering security expert, primarily in cloud/infrastructure security.

Qualifications

• Bachelor's or Master's degree in Computer Science, Security Engineering or related field 
• Relevant Industry certifications such as CISSP, CISM, CISA, or other security certifications 
• Proven hands on experience in senior architecture, or engineering roles, managing hybrid (internal & 3rd party) operating models 
• Prove experience of producing and representing architecture & design artefacts (options papers, high level designs, detailed designs)
• Experience/Understanding of GRC, Threat Intelligence, Security Assurance & Testing, Security Engineering, Security Operations, Vulnerability Management and KPI/KRI reporting
• Excellent leadership and team management skills
• Exceptional communication and interpersonal skills
• Excellent documentation, presentation and reporting skills
• Good commercial and contract awareness skills
• Good project management skills
• Experience of working in Financial Services, Private Equity owned and/or M&A environments
• Experience of People/Line Management would be beneficial

Additional Information

As a colleague here at Evelyn Partners, you will have access to benefits that include:

• Competitive salary
• Private medical insurance
• Life assurance
• Pension contribution
• Hybrid working model (role dependant)
• Generous holiday package
• Option to purchase additional holiday
• Shared parental leave

We are proud to value the differences that a diverse workforce brings, representative of society and our clients.  At Evelyn Partners we have a wide range of highly active employee resource groups and we’re delivering multiple diversity, equity and inclusion initiatives across the organisation.  It is our commitment to provide a workspace where all colleagues, regardless of identity, background, or circumstance, feel respected as individuals and feel that they can achieve their full potential and work in a safe, supportive, and inclusive environment. 

We are happy to make any reasonable adjustments to accommodate for your needs throughout the application process.  Please let your Recruiter know.