Robert Half
Bristol, Somerset
Robert Half have partnered on an exclusive basis with an existing client in the Bristol area to recruit a Cloud Security Architect on a permanent basis.

Key Responsibilities: Research, document and maintain secure design patterns. Act as a principal point of contact for Information Security advice and support, especially on new developments, projects and major changes. Collaborate with DevOps teams to help provide support & guidance around adopting a security by design ethos in the development life cycle. Provide on-going consultancy to software development projects throughout the entire life cycle, developing a DevSecOps culture. Engage with the Technical Architecture, Programme Management and IT Support teams to advocate security best practice and support secure decision making. Develop, document and maintain the security architecture framework, blueprints and roadmap for the organisation. Continually review and extend Security Playbooks and preventative controls, countermeasures and solutions in line with a continuous improvement framework. Support the continuous improvement of security operations for monitoring and testing and, where necessary, conduct security design and implementation review audits. Deliver technical and risk-based reports and official papers relating to test findings, aligned to an agreed framework. Provide consultation for the security risk register, CEB and Architecture Review Board meetings. Test and evaluate security products. Understand and interpret Legacy infrastructure and design. Remain up to date with industry best practice, new technologies and emerging threats to evaluate and prepare for their impact on the organisation. Support security assessments, audits, and reviews to ensure compliance with the security policies, standards, and regulations.

Essential Personal Characteristics: A continual passion to learn and inspire, setting a good example across the business. Strong communicator and stakeholder management skills across all levels of an organisation. The ability to plan and manage own workload, prioritise tasks and meet deadlines - including the ability to manage multiple ongoing projects. Self-starter with a "can do" attitude to get things done and able to work independently. Has a track record of proposing novel ways to move around delivery roadblocks. Solution based thinker - excellent problem solving and troubleshooting skills. Analytical and interpretative abilities to transpose requirements into manageable deliverables. Excellent written and verbal communication skills and an ability to convey complex security concepts to non-technical stakeholders. A high level of documentation skills. Proactive ownership of own development to ensure that skills are kept up to date, in line with industry changes.

Experience Required: At least 5 years of experience in information security, preferably in a security architect role. Strong knowledge and experience in security architecture principles, frameworks, and standards. Experience in designing, implementing, and maintaining security architectures. Knowledge of security frameworks, standards, and best practices such as NIST, CIS, ISO, COBIT, OWASP. Strong knowledge and experience in various security domains, such as network security, application security, cloud security, identity and access management, cryptography, etc. Strong knowledge and experience in various security technologies and tools, such as Firewalls, VPNs, IDS/IPS, SIEM, DLP, WAF, etc. Strong knowledge and experience in various security methodologies and processes, such as risk management, threat modelling, security testing, incident response, etc. Experience in cloud security, DevSecOps, with history involving application development and agile methodologies. Extensive knowledge in cloud platforms (particularly AWS and Azure services) and prime business applications (especially top-tier ERP applications). Excellent communication, collaboration, and problem-solving skills. Ability to work independently and collaboratively in a fast-paced and dynamic environment. Ability to think strategically and creatively to solve complex security problems.

Desirable: A bachelor's degree in information security or industry recognised security certifications such as CISSP, CISSP-ISSAP, CISM, CEH, or SANS GIAC. Information security risk/Cyber threat modelling techniques. API integration and Security techniques. Experience working with Information security frameworks and compliance standards (eg ISO27001, Cyber Essentials Plus, NIST, SOC2 and PCI-DSS). Good understanding of the Data Protection Act/General Data Protection Regulation. Comfortable working outside of core working hours, and travelling, when necessary.

Salary/logistics: £75,000 - £85,000 + bonus + additional benefits. Hybrid working from Bristol offices (2 days a week desirable).

Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to diversity, equity and inclusion. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training. If you wish to apply, please read our Privacy Notice describing how we may process, disclose and store your personal data:
Robert Half
QSA (IT Governance) UK FULLY REMOTE! Top SaaS company!

Are you a Qualified Security Assessor (QSA)? Are you living and working in the UK? Ready to take your career to another level? Do you have a PCI QSA Qualification? Are you looking for a FULLY UK WIDE REMOTE ROLE? (this is 100% Fully Remote with some travel to client sites) Then Apply now!

How many years of experience does this person need? Minimum of 2 years working in information security and GRC.

What are the 3 most important things in this role? Current PCI QSA qualification. Experience with auditing and implementing other standards like ISO27001. Willingness to travel to client sites. The frequency of travel varies (THIS IS A UK BASED FULLY REMOTE ROLE).

Key Responsibilities: Prepare executive and technical reports detailing the assessment findings, including security gaps, and assist to identify solutions to improve the client's security posture. Perform comprehensive audits such as PCI DSS, ISO27001/27002, ISO27017/18, CCM, and SWIFT Security for IT Governance clients. Experience completing PCI DSS Gap Assessments, Risk Assessments, Third Party reviews and Reports on Compliance (ROCs) within E-commerce, retail, higher education and large service provider environments. Contribute to the overall success of the practice through a variety of activities supporting the business development/sales team by answering operational and technical questions related to areas including PCI DSS, SWIFT CSF, ISO27001/27002, and Cloud compliance assessments (ISO27017/18, CCM).

Person Specification, Essential Skills and Experience: Minimum 2 years professional experience with sufficient information security knowledge and experience to conduct technically complex security assessments. Current PCI QSA certification supported by CISSP, CISA or CISM certification (at least one of them), or valid ISO 27001 Lead Auditor + Lead Implementer certifications. Familiarity and experience with a variety of products and technologies such as Cloud, Virtualisation, Network Firewalls, Web Application Firewalls, Antivirus Solutions, encryption technologies and software development life cycles.

3 stage all virtual MS Teams/Zoom Video interviews will be arranged ASAP.

Excellent Benefits: UK Based FULLY REMOTE ROLE; 25 days holidays + 8 UK based Holidays; Pension; Bonus; Health insurance; Car allowance.

Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to diversity, equity and inclusion. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training. If you wish to apply, please read our Privacy Notice describing how we may process, disclose and store your personal data: