Security Architect

Posted 1 week ago by 83Zero Ltd on JobServe

£650 Per day
Outside
Undetermined
City of London, UK

Summary: The Security Architect role focuses on providing security architecture guidance for a major transformation project, ensuring compliance with industry standards and best practices. The position requires a deep understanding of Azure architecture, cloud security, and relevant privacy regulations. The role is critical in embedding security principles throughout the system modernization lifecycle. The contract is for six months and is classified as outside IR35.

Key Responsibilities:

  • Define and maintain security architecture principles aligned with PCI DSS, ISO 27001, GDPR, Australian Privacy Principles (APPs), and relevant US privacy laws (e.g., CCPA, HIPAA).
  • Provide security guidance on infrastructure and software design to ensure robust security controls and compliance with regulatory and industry standards.
  • Review product design architecture and user journeys to ensure they comply with regulations and laws, and to minimise any potential control gaps.
  • Develop security reference architectures and blueprints for cloud-based deployments.
  • Work with Architects to design compliance monitoring and controls automation against ISO 27001 and PCI DSS controls.
  • Provide security input into design reviews, threat modelling, and risk assessments.
  • Ensure security-by-design and privacy-by-design principles are integrated into all phases of the system modernisation life cycle.
  • Liaise with compliance teams to ensure adherence to PCI DSS, ISO 27001, GDPR, Australian Privacy Principles (APPs), and relevant US privacy laws.
  • Monitor and interpret emerging security trends and regulatory changes, ensuring alignment with security strategies.
  • Develop a security testing approach as key components are developed and implemented.
  • Conduct internal/external penetration tests and integrate automated penetration testing tools into CI/CD pipelines.
  • Develop behavioral analytics for threat detection and run red/blue team incident response drills.

Key Skills:

  • Extensive experience in security architecture and cloud security.
  • Strong knowledge of Azure security best practices and cloud-native security controls.
  • Expertise in PCI DSS, ISO 27001, GDPR, Australian Privacy Principles (APPs), and relevant US privacy laws (e.g., CCPA, HIPAA) compliance requirements.
  • Strong knowledge of Azure services and components, including Azure Virtual Machines, Azure App Services, Azure Functions, Azure Kubernetes Service (AKS), Azure Resource Manager, and Azure Policy.
  • Experience with privacy regulations and compliance standards (e.g., PCI DSS, GDPR, Australian Privacy Principles (APPs), CCPA, HIPAA).

Salary (Rate): £650

City: City of London

Country: UK

Working Arrangements: undetermined

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT