Description
Contract Duration: 6 month contract (rolling)
IR35 Status: Outside IR35
Start Date: Start ASAP
Role Overview:
We are seeking a Security Architect to play a critical role in a major transformation project. You will be responsible for providing security architecture guidance, ensuring industry standards are met, and embedding security best practices. We are looking for a deep understanding of Azure architecture, cloud security, privacy regulations, and compliance standards.
Key Responsibilities:
- Define and maintain security architecture principles aligned with PCI DSS, ISO 27001, GDPR, Australian Privacy Principles (APPs), and relevant US privacy laws (e.g., CCPA, HIPAA).
- Provide security guidance on infrastructure and software design to ensure robust security controls and compliance with regulatory and industry standards.
- Review product design architecture and user journeys to ensure they comply with regulations and laws, and to minimise any potential control gaps.
- Develop security reference architectures and blueprints for cloud-based deployments.
- Work with Architects to design compliance monitoring and controls automation against ISO 27001 and PCI DSS controls.
- Provide security input into design reviews, threat modelling, and risk assessments.
- Ensure security-by-design and privacy-by-design principles are integrated into all phases of the system modernisation life cycle.
- Liaise with compliance teams to ensure adherence to PCI DSS, ISO 27001, GDPR, Australian Privacy Principles (APPs), and relevant US privacy laws.
- Monitor and interpret emerging security trends and regulatory changes, ensuring alignment with security strategies.
- Develop a security testing approach as key components are developed & implemented.
- Penetration testing - Conduct internal/external penetration tests; integrate automated penetration testing tools into CI/CD pipelines.
- Develop behavioral analytics for threat detection; run red/blue team incident response drills.
Key Skills & Experience:
- Extensive experience in security architecture & cloud security.
- Strong knowledge of Azure security best practices & cloud-native security controls.
- Expertise in PCI DSS, ISO 27001, GDPR, Australian Privacy Principles (APPs), & relevant US privacy laws (e.g., CCPA, HIPAA) compliance requirements.
Additional Requirements:
Strong knowledge of Azure services & components including:
- Azure Virtual Machines
- Azure App Services
- Azure Functions
- Azure Kubernetes Service (AKS)
- Azure Resource Manager
- Azure Policy
Experience with privacy regulations & compliance standards including:
- PCI DSS
- GDPR
- Australian Privacy Principles (APPs)
- CCPA
- HIPAA