IT Risk and Security Architect

London, England, United Kingdom

INEOS Automotive - Grenadier - Built On Purpose

Story so far

Since Sir Jim Ratcliffe announced Project Grenadier in 2017, our team at INEOS Automotive has grown rapidly. From a start-up to the scaled business we are now, we've hit some huge milestones along the way. Despite some global challenges, we brought our first vehicle, the INEOS Grenadier, from a vision to prototype and to market in just five years. And now, as the first customer deliveries of our INEOS Grenadier have begun, we look to the future with our first all-electric vehicle.

People and Culture

With around 1500 employees, 10 locations and 44 nationalities, we're an international team working together to challenge the ordinary. We welcome people who mirror our values: Spirit of ownership, who take responsibility and make things happen. Delivering quality work, with ambition to deliver outstanding results and who have a community mindset, believing together everyone achieves more. Creativity and initiative are encouraged to support your career development.

We're doing things differently.

If this sounds like you, let's talk.

The role

The IT Risk and Security Architect will help to establish and maintain a risk management framework aligned with NIST/IRAM2, in addition to this performing threat and risk assessments, create high level/low level security architecture designs and assist the IT security manager with the realisation of the information security roadmap.

Responsibilities include (but are not limited to):

Risk Management

Responsible for establishing and maintaining a risk management framework that is aligned with NIST, IRAM2, ISO and GDPR

Maintaining the information security risk register. Lead the migration of Risk Register from excel spreadsheets to a dedicated risk management platform (Acuity Stream).

Ensuring risks are monitored and reported, while mitigation plans are proposed and followed up

Consulting with senior technology and business leaders regarding information security risks and their role in minimising exposure to those risks.

Leading internal information security risk audits including, but not limited to, ISO27001 and ISO22301

Helping to design and implement a robust third-party assurance framework that enables the business to gain oversight of risks across the ecosystem

Actively participate on the IT Change Board meetings as one of the approvers

Security Architecture

Performing threat and risk assessments, working closely with the enterprise architect to ensure INEOS Automotives digital solutions adhere to security architecture and privacy best practices

Creating high-level/low level security architecture designs

Auditing the security architecture of the existing information systems

Define the security requirements in compliance with standards and regulations

Assisting with the identification and triage of information security threats and helping to manage the response to security breaches

Security Operations

Assisting with the implementation and on-going management of information security solutions within INEOS Automotive

Supporting the development of information security policies and processes

Supporting the activities required to achieve ISO 27001 certification

Performing technical security assessments using tools such as Kali, Nessus and Burpsuite

Relationship Management

Establish and maintain effective relationships and governance arrangements with senior stakeholders

Provide effective independent escalation and reporting of any security issues, risks and deficiencies to the IT security Manager and Automotive IT teams

Actively participate in the INEOS Global Security Team

Requirements

5+ years information security operations experience in a medium/large multinational organisation on a similar role

Professional IT/security qualifications (CISSP,CRISC, CISM, CISA,GSEC) or equivalent professional certification

Relevant architectural experience, including an understanding of NIST, SABSA, TOGAF or equivalent frameworks

Experience with Cloud Platforms, Azure DevOps, Active Directory, Windows and Linux servers, SQL Server, Firewalls, WAFs, End Point Security, Virtualization Technologies, Mobile Device Management, VPN

Excellent knowledge of information security risk management frameworks and compliance practices

Knowledge of NIST CSF and 800-53, ISO 2700X, SOC2 security frameworks

Ability to assess information system processes and processing technologies for threats, vulnerabilities and risks

Ability to express technical information security issues in business terms

Resilient, with the ability to challenge senior stakeholders on information security issues.

Ability to challenge/negotiate with third-party vendors on information security issues

Ability to develop security standards and guidelines based on best practices, regulatory requirements and industry standards

Excellent knowledge of cloud security best practices (IaaS, SaaS, PaaS) - Azure/AWS experience a plus.

Good basic networking knowledge, excellent knowledge of network security.

Ability to work as part of an extended IT security team

Ability to build and maintain productive, strategic relationships within the business and third-party suppliers.

Excellent oral/written communication skills