PCI/DSS Information Security Architect - Leicestershire

Recruiter
MAPP Ltd.
Location
Leicester
Salary
55000.00 GBP Annual + bonus, Pension and fantastic benefits
Posted
31 Jan 2015
Closes
02 Feb 2015
Contract Type
Permanent
Hours
Full Time

Experienced Information Security Architect required to play a key role in the evolution of the company's security architecture and security functions.

This individual will provide security guidance for the IT environment with the aim of maturing the company's infrastructure security policy and technology frameworks, improving overall security posture and improving company-wide security awareness.

Key skills:

  • Extensive Information Security experience
  • Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) or similar industry qualification.
  • Technical expertise in a wide portfolio of security control technologies and security related experience with a proven track record of delivery in a dynamic and reactive environment. Ability to work in a fast-paced, challenging and demanding environment with changing priorities.
  • Strong understanding of the information security industry, current security issues and trends.
  • Knowledge of application security best practices, tools and methodologies.
  • Knowledge of information system architecture and security controls (i.e. firewall and border router configurations, operating system configurations, wireless architectures, databases, specialized appliances and information security policies and procedures).
  • Organizational, decision-making and analytical skills.
  • High level knowledge of principles, practices and procedures of information security and how this applies to and impacts the business and knowledge of standard Systems Development life cycle practices.
  • Excellent written and oral communication skills at all levels, strong communicator and ability to articulate and communicate complex IT-related business issues to senior staff.
  • Ability to constructively challenge, facilitate and probe to fully understand the business needs.
  • Proven ability to plan and prioritise workloads, project manage whilst working to strict deadlines and measuring progress.
  • Strategic thinker with proven analytical and problem solving abilities.
  • Demonstrable knowledge of PCI/DSS.

Responsibilities:

  • Provide expertise and guidance on information security for the organisation, working effectively with strategic organisational functions such as IT, legal and also third party experts to provide authoritative advice and guidance on the requirements for security control.
  • Work closely with development teams to define security requirements, build secure architecture design models, & drive security initiatives.
  • Ensure protection, detection, and reaction capabilities are incorporated into information systems.
  • Provide guidance and direction in all aspects of design, creation, testing approaches and documentation standards and also maintain awareness of emerging security technology, working with vendors to understand and procure new security technology or upgrades to existing security assets
  • Identify security requirements and controls by evaluating business strategies, researching information security standards, conducting system security and vulnerability analyses and performing risk assessments.
  • Develop and implement Security Standards, Policies & Configurations for all IT components and business processes and ensure applicable security controls are implemented and maintained
  • Establish and maintain constructive working relationships with stakeholder groups ensuring status changes, risks and issues are communicated in a timely and effective manner to all affected stakeholders and ensure that effective working relationships exist at all levels by simplifying complex technical messages.
  • Work with business and the Systems Department to ensure owners remediate issues and preventative measures are implemented
  • Maintain and enhance knowledge, staying continually up to date with the latest security risks, threats and solutions as well as business and industry technologies and trends
  • Research and recommend tools to manage security analysis, process and risk
  • Supporting compliance, PCI/DSS, IS Security policies, standards and controls
  • Act as incident escalation for Security Incidents, provide expertise to readdress issues, support & advise analysts, conduct post incident investigations to resolution & amend any processes or procedures to enhance protection against future exploits/vulnerabilities.
  • Maintain & present KPIs and other metrics in relation to application risk management, threats and vulnerabilities, access controls and information security strategy and compliance.
  • Communicate and represent the team effectively at all levels, including (but not exclusive to) senior management, external companies, business users and other departments, and encourage and develop effective communication and teamwork between the IT Security team and other business departments.
