General information

Job Title
Security Architect
Ref #
23879
Date
Monday, August 15, 2022
Country
United Kingdom
Location
Woking
Business area
IT
Department
IT
Position level
F - Principal / Senior
Working time
Full Time
Contract type
Permanent
Working pattern
9am - 6pm Monday to Friday

Description & Requirements

Background

No restraints. No limitations. We don’t simply push boundaries. We completely rethink them. McLaren Automotive exists to create breath-taking performance road cars.

With innovation at the core of all we do, every challenge starts with the same question. How can we do it better? This restless spirit runs right through McLaren Automotive. And the search for perfection is evident in everything we do.

Purpose of Role
  • The Security Architect is a key role within the McLaren Cyber Operations team. Its purpose is to:
  • Identify, design and assist in deployment of new security capabilities and projects across McLaren Group.
  • Contribute and review security aspects of IT delivered business projects. Ensuring the security of McLaren is a priority utilising a ‘secure by design’ approach. 
  • Establish and maintain security landscape and roadmap documentation.
  • Stay current on latest trends and technologies in the security industry, which have the potential to improve security. 
  • Produce security specific policies for publication to the wider business and provide security requirements for IT policies / standards when needed. 
  • Define, run and review penetration tests across the McLaren IT estate to assess risk in business systems.
Principal Accountabilities
  • Review new business demand submitted via the ‘Demand Management’ process. 
  • Identify opportunities in new and emerging security technologies that could benefit McLaren.
  • Design and project manage the deployment of new security controls, systems or tools across the McLaren IT estate. Assisting with maintenance when required.
  • Author the ‘High Level Security Design’ section of IT project documentation (HLDs) in coordination with the wider IT architecture function. 
  • Drive the ‘secure by design’ mindset and practices, to root security into the core design principles of new IT systems. 
  • Establish and maintain current security landscape documentation that shows security controls and their logical deployment across the IT estate. 
  • Produce security focused technology roadmap documentation and consult on core IT roadmaps from a security perspective. 
  • Using a risk based, business approach, scope and execute penetration tests on McLaren IT systems. The remediation of findings is to be managed to resolution through the respective business owners. 
  • Helping form root cause analysis (RCA) remediation options based on incident reports that highlight gaps in capability.
  • Own and deliver on key small security projects to remediate operational issues identified by the Cyber Ops team. Utilise process / technology solutions to bring identified risks back into line with agreed standards / policies.
  • Assist in reporting on relevant security metrics to demonstrate the value of Cyber services and highlight key risk indicators for distribution. 
  • Produce and maintain security specific policies for publication to the wider business as part of the IT policy framework. Liaising with relevant legal, HR and comms teams where needed.
  • When needed, provide security requirements for policies / standards published by IT, HR or Legal teams. 
  • Sharing training to improve employees' knowledge and skills for future organizational growth.
Knowledge, Skills and Experience

Essential;

  • Experience in configuring, managing and reporting on the effectiveness of common security products.
  • Understanding of the operation and management of core technologies, such as: DHCP, DNS, Kerberos, Group Policy.
  • Understands security holistically, from the people, process and technology perspectives.
  • Understanding of ITIL and typical IT operations processes.
  • Experience of designing and implementing new security systems aligned to business standards and goals. 
  • Experience of assessing IT High Level Designs for security risks or insecure configurations, offering secure alternatives. 

 

Desirable;

  • Experience in identifying security control gaps and typical solutions to close such gaps.
  • Experience in engaging and managing third parties of security products or services.
  • Knowledge of the Cyber Security threat landscape; including emergent issues and trends.
  • Knowledge of multiple security products and their relative merits and limitations.
  • One or more relevant security certifications, such as CISSP/SSCP, CISA/CISM, CISMP, Security+ and/or vendor-specific security certifications.
Personal Attributes
  • The Security architect will work closely with all McLaren businesses where McLaren Group provide IT architecture services.
  • Close liaison with the Service & Operations community, including Infrastructure, Networks, Backups and Service Desk.
  • Regular discussions with Cyber Security Operations Manager to provide updates on ongoing security projects, core IT projects of concern. 
  • Engagement with Cyber Security suppliers & partners to extract maximum value from procured services, present and future.