IT Risk and Security Architect
London, England, United Kingdom
INEOS Automotive - Grenadier - Built On Purpose
Story so far
Since Sir Jim Ratcliffe announced Project Grenadier in 2017, our team at INEOS Automotive has grown rapidly. From a start-up to the scaled business we are now, we've hit some huge milestones along the way. Despite some global challenges, we brought our first vehicle, the INEOS Grenadier, from a vision to prototype and to market in just five years. And now, as the first customer deliveries of our INEOS Grenadier have begun, we look to the future with our first all-electric vehicle.
People and Culture
With around 1500 employees, 10 locations and 44 nationalities, we're an international team working together to challenge the ordinary. We welcome people who mirror our values: a spirit of ownership, taking responsibility and making things happen; delivering quality work, with the ambition to achieve outstanding results; and a community mindset, believing that together everyone achieves more. Creativity and initiative are encouraged to support your career development.
We're doing things differently.
If this sounds like you, let's talk.
The role
The IT Risk and Security Architect will help to establish and maintain a risk management framework aligned with NIST and IRAM2. In addition, the role performs threat and risk assessments, creates high-level and low-level security architecture designs, and assists the IT Security Manager with the realisation of the information security roadmap.
Responsibilities include (but are not limited to):
Risk Management
Establishing and maintaining a risk management framework that is aligned with NIST, IRAM2, ISO and GDPR
Maintaining the information security risk register, and leading the migration of the risk register from Excel spreadsheets to a dedicated risk management platform (Acuity Stream)
Ensuring risks are monitored and reported, and that mitigation plans are proposed and followed up
Consulting with senior technology and business leaders regarding information security risks and their role in minimising exposure to those risks
Leading internal information security risk audits including, but not limited to, ISO 27001 and ISO 22301
Helping to design and implement a robust third-party assurance framework that enables the business to gain oversight of risks across the ecosystem
Actively participating in IT Change Board meetings as one of the approvers
Security Architecture
Performing threat and risk assessments, working closely with the enterprise architect to ensure INEOS Automotive's digital solutions adhere to security architecture and privacy best practices
Creating high-level and low-level security architecture designs
Auditing the security architecture of existing information systems
Defining security requirements in compliance with standards and regulations
Assisting with the identification and triage of information security threats, and helping to manage the response to security breaches
Security Operations
Assisting with the implementation and on-going management of information security solutions within INEOS Automotive
Supporting the development of information security policies and processes
Supporting the activities required to achieve ISO 27001 certification
Performing technical security assessments using tools such as Kali Linux, Nessus and Burp Suite
Relationship Management
Establishing and maintaining effective relationships and governance arrangements with senior stakeholders
Providing effective independent escalation and reporting of any security issues, risks and deficiencies to the IT Security Manager and Automotive IT teams
Actively participating in the INEOS Global Security Team
Requirements
5+ years of information security operations experience in a similar role within a medium/large multinational organisation
Professional IT/security qualifications (CISSP, CRISC, CISM, CISA, GSEC) or equivalent professional certification
Relevant architectural experience, including an understanding of NIST, SABSA, TOGAF or equivalent frameworks
Experience with cloud platforms, Azure DevOps, Active Directory, Windows and Linux servers, SQL Server, firewalls, WAFs, endpoint security, virtualisation technologies, mobile device management and VPNs
Excellent knowledge of information security risk management frameworks and compliance practices
Knowledge of the NIST CSF and SP 800-53, ISO 2700x and SOC 2 security frameworks
Ability to assess information system processes and processing technologies for threats, vulnerabilities and risks
Ability to express technical information security issues in business terms
Resilient, with the ability to challenge senior stakeholders on information security issues
Ability to challenge and negotiate with third-party vendors on information security issues
Ability to develop security standards and guidelines based on best practices, regulatory requirements and industry standards
Excellent knowledge of cloud security best practices (IaaS, PaaS, SaaS); Azure/AWS experience a plus
Good basic networking knowledge and excellent knowledge of network security
Ability to work as part of an extended IT security team
Ability to build and maintain productive, strategic relationships within the business and with third-party suppliers
Excellent oral/written communication skills