The Senior Lead, Security Architect will report directly to SCI’s Director of Information Security and Data Protection and will be responsible for developing security architecture and technology solutions to address the growing cybersecurity and compliance requirements of the organisation.
Working alongside Cybersecurity Operations and Information Assurance colleagues, as well as technical and business teams from across the wider organisation, and SCI’s architecture team, the role holder will continuously assess and evolve SCI’s security architecture to ensure it incorporates security by design and remains fit for purpose in response to organisational change, evolving threats, vendor and technology developments, and emerging capabilities such as artificial intelligence. The role includes both strategic architecture design and ongoing architecture overview as part of business-as-usual operations.
Reports To: Director of Information Security, Data Protection and Global IT Operations
Work Pattern: Hybrid/Remote with flexible working options available
Location: Any approved Save the Children International office location. For a full list of locations that Save the Children International can hire in, please visit SCI Careers.
Required Time Zone: Any
Grade: P6
Right to Work: The successful candidate must possess the unrestricted right to work in their current or preferred location for the duration of employment
International Travel: up to 5-10%
Remit: Global
Principal Accountabilities
- Accountable for leading SCI’s Security Architecture domain, including the ongoing oversight and evolution of the organisation’s security architecture, performing an architecture and consultancy role for senior technical and business stakeholders to guide them in security related architectural and strategic matters.
- Develop security architecture and technology solutions to address the current and emerging security and compliance requirements of the organisation, including guidance on the secure adoption of emerging technologies such as Artificial Intelligence and automation platforms.
- Review SCI’s existing security architecture, identifying design gaps, technical debt, vendor and platform evolution impacts, and recommending security enhancements. Ensure alignment of security architecture frameworks and standards with the organisation’s overall missions and objectives.
- Provide technical leadership in architecting end-to-end solutions that meet business needs while ensuring that the implementation is in line with the architectural principles and industry best practices, and is extensible and scalable for future needs.
- Assist in the development of enterprise security requirements; planning, implementing, and testing security systems; preparing security standards, policies, and procedures. This will include the review and approval of submissions to the Enterprise Architecture Board.
- Contribute to and support the governance of security architecture through participation in the Enterprise Architecture Board and relevant governance forums, ensuring security principles are embedded across new initiatives and architectural changes.
- Proactively identify and manage technical risks/issues; assessing the security architecture against evolving threat patterns, vulnerabilities, and architectural changes, while supporting and enhancing existing information security controls.
- Maintain active awareness of industry best practices, emerging technologies, and threat landscape developments, and disseminate relevant insights to stakeholders to inform the evolution of the organisation’s security architecture.
Experience and Skills
- Proven ability to design end-to-end architecture solutions with strong business analysis/client-facing skills to engage a diverse stakeholder population.
- Experience of security architecture strategy and design, and of working effectively within application security, including secure application development (security in SDLC phases) and architecture. This will include familiarity with or experience of architectural frameworks such as TOGAF and Zachman.
- Demonstrable experience of Operational Security controls, regulatory compliance and information security management frameworks (e.g., ISO27000, COBIT, NIST CSF, etc.).
- Experience of securing cloud services (SaaS/PaaS/IaaS).
- Experience of threat modelling and / or attack surface analysis.
- Good knowledge of secure coding standards and best practices (CERT/OWASP/SANS/WASC/MITRE) and an understanding of the most appropriate cryptographic techniques and how they should be used by enterprise organisations.
- Proven team leadership abilities with the ability to motivate and mobilise individuals outside their reporting line.
- Good communication skills (written & oral English), including the ability to communicate and present at both a technical and non-technical level to stakeholders of all levels.
- Experience in security architecture governance and lifecycle management, including continuous architecture assessment, risk-driven evolution, and management of security technical debt.
- Familiarity with AI security considerations and governance frameworks relating to the secure adoption of AI-enabled technologies.
- Experience in developing solution architectures for Azure including Azure / Entra AD, Azure SQL and Service Fabric.
- Cultural awareness and experience of delivering solutions internationally.
- Experience in working on Enterprise / Business Architecture strategies, roadmaps, business and technology capabilities and frameworks.
- Experience of working within an agile project delivery environment.
- Understanding of application lifecycle management, the value of TDD and continuous integration.
- Experience supporting secure adoption and governance of Artificial Intelligence technologies, including risk assessment and architecture design for AI-enabled systems.
- Clear understanding of web services (REST, SOAP), SOA, CQRS, Messaging systems (ESB), distributed systems, file transfer protocols, and direct SQL interactions.
- Experience of configuration management / change management.
Education and Qualifications
- Degree or diploma in Computer Science / Business Technology / Cybersecurity / Information Security, or relevant experience.
- Hold a Cybersecurity Master's degree or a recognised cybersecurity or information security certification (e.g. CISSP, CISM, CompTIA Security+, CEH, etc.).
Diversity, Equity and Inclusion and Equal Opportunities
DEI is core to our vision, values and global strategy. Save the Children is committed to creating a truly diverse, equitable and inclusive organisation, and one which will support us in our vision to ensure every child attains the right to survival, protection, development, and participation.
We are committed to equal employment opportunities, regardless of gender, sexual orientation, race, colour, ethnic origin, nationality, disability, marital or civil partnership status, gender reassignment, pregnancy and maternity, caring or parental responsibilities, age, or beliefs and religion. We are committed to diversifying our staff to better represent the communities we serve and actively welcome underrepresented groups to apply.
Reasonable adjustments will be made should any candidate invited to interview require this.