Hear from the Hiring Manager
"Over the last five years, NRS has been on a transformation journey, leveraging modern technology such as M365, PowerPlatform, and SaaS solutions to change the way we work. As technology evolves and our digital footprint increases, so does our awareness of cyber threats, particularly for an organisation within the Critical National Infrastructure sector.
As Security Architect within our IT function, you will play a critical role in enabling us to leverage innovative technologies while understanding the risks involved. Effectively communicating these risks and mitigation strategies to business stakeholders, senior leaders, and our Cyber Security & Information Assurance (CS&IA) team is key to success in this role, alongside strategic thinking and a solid technology background."
Please note this is a hybrid role, with the expectation of working at our office in Bradley Stoke (BS32 4QQ) or another NRS site a minimum of two days per week.
Key Deliverables
The role's purpose is to ensure our NRS IT programmes and projects deliver secure-by-design solutions.
The main responsibilities include:
- Providing advice and guidance to all project and programme stakeholders on cyber security aspects relevant to the initiatives.
- Working closely with Solution Architects to ensure designs cover all cyber security aspects.
- Guiding completion of Authority to Operate and Risk Balance Cases.
- Liaising with vendors and partners to understand security requirements.
- Collaborating with Solution Architects and CS&IA team to scope IT Health Checks and guide remediation.
- Undertaking risk assessments for new approaches or innovative solutions like AI.
- Providing advice to CS&IA on selecting and implementing solutions across NIST functions: Identify, Protect, Detect, Respond, Recover.
- Developing NRS security principles and standards for IT solutions.
- Working with the wider NDA group to develop cyber security strategies and standards.
Qualifications & Experience
Essential:
- Degree or higher in a relevant subject.
- Hold CISSP, CISM, or equivalent certifications.
- Member of a relevant professional institute.
- ISO27001 Lead Auditor or CISA certification.
- Senior-level experience in a related role.
- Cyber experience across HMG and OGDs.
- Knowledge of relevant legislation and regulations, including NIST, ISO standards, CESG/NCSC requirements, NDA/ONR security standards.
- Strong leadership and business skills with comprehensive technical expertise.
Desirable:
- Excellent communication skills across all organizational levels, including negotiation and explaining complex technical issues to non-specialists.
- Experience in industries like energy, utilities, construction, civil engineering.
- Hands-on experience with Microsoft Azure and M365 security solutions; ideally Microsoft Certified: Cybersecurity Architect Expert.
- Broad experience with IT solutions in data, infrastructure, end-user compute, analytics, supported by industry certifications.
- Experience with IoT and Operational Technology cybersecurity.
- Understanding of how Machine Learning and AI solutions work and their security governance.