Architect - Security
Architect - Security
- Location(s): UK Wide
- Salary: Competitive
- Contract Type: Permanent
- Ref: R00TR00966
- Closing Date: 06 December 2021
- We're happy to consider flexible working approaches for this role
You will provide direction, guidance and support to delivery teams working on a viariety solutions for both colleagues and members, with a particular focus on Identity and access management, and priviledged access management. This will include developing solution overviews and designs, threat models, and architectural patterns.
At Nationwide we openly put our 15 million members at the centre of every decision we make as a business. Every role, no matter what it’s doing, is member focused.
This opportunity is within the Enterprise Security Technology (EST) team, and part of the Architecture Centre of Excellence. EST have a challenging mandate to architect, engineer and assure the delivery and consumption of effective and pragmatic security controls as an enabler for innovative solutions across our hybrid on-premises and cloud IT environments. We want your expert guidance within Nationwide to cement our reputation for always being there when it matters, with services that our members can trust.
Your success isn’t based on how long you spend at your desk. You’ll have contracted hours, but we’re always happy to support flexible working wherever we can. That might mean working from home or different Nationwide offices or agreeing a working pattern to help you balance work and life. We will always strive to find a way that works for everyone.
If we receive a high volume of relevant applications, we may close the advert earlier than the advertised date, so please apply as soon as you can.
What you’ll be doing
A Security Solution Architect within EST offers a genuinely ever-changing day-to-day experience. Working closely with technology delivery teams you will help to identify and document the key actors and architectural threats to Nationwide solutions; and where security policy, standards and regulatory requirements apply, communicate in simple and actionable terms what compliance means.
In conjunction with Security and Resilience colleagues you will identify solutions that mitigate threats to within risk appetite and ensure that solution delivery is compliant with security policy, standards, and regulatory requirements.
You will be part of a team managing the EST technology controls framework ensuring a roadmap for maturity, coverage and effectiveness is maintained. Coherent, repeatable, and practically consumable advice is critical to our efficiency and success, and you will be part of a team responsible for the creation of knowledge artefacts that provide practical thought leadership to our architecture and engineering colleagues.
Candidates should exhibit significant prior experience, interest, or aptitude in the following areas:
- Identity and Access Management Security Domain experience in the engineering, architecture and design of scalable, supportable, and effective control capabilities from key industry suppliers (including Identity Governance, Directory Services, Identity Providers, Privileged access Management, Multi Factor Authentication, Single Sign On, and technologies such as OAuth and Open ID and FIDO);
- Threat Modelling using common industry techniques (such as STRIDE, Attack Trees, PnG), and working with a recognised risk framework to evaluate severity and priority.
- Threat evaluation and documenting enterprise-level architectural solutions that mitigate, or offer a risk aligned roadmap to mitigation.
- Professional qualifications in security and relevant technologies and practices, with a passion for continual improvement (such as MS Active Directory, Azure AD, CyberArk, Sailpoint, ForgeRock, Secure ID).
- An understanding of identity and access management architecture best practices, and of existing and emergent technologies and practices (such as Zero Trust Architecture, Cloud Identities and Federation, Well Architected Framework).
- Working with and maintaining a security controls coverage and maturity framework (such as NIST CSF, ISO27001, CSA-CCF, MITRE).
- Evidence of working with security policy, standards, and security audit findings, and transforming them into clear and practical guidance and advice.
- A good general appreciation of enterprise-wide security threats, controls and principles including Cloud Security, SIEM, Identity and Access Management, Data Loss Prevention, Anti-malware, Email and Messaging security, CASB, Host Security, etc.
We’re also interested in who you are as a person. Why? Because our membership is made up of so many different kinds of people, so we want our employees to be just as diverse. We’d love to hear about:
- Your values, and what makes you who you are
- How you’d make a difference to our members in this role
We know applying for jobs can sometimes feel like you’re sending an application into a black hole. We review each application individually. So, it’s a good idea to call out your most relevant experience on your application to give yourself the best chance.
The extras you’ll get
There are all sorts of employee benefits available at Nationwide, including:
- A personal pension – if you put in 7% of your salary, we’ll top up by a further 16%
- Up to 2 days of paid volunteering a year
- Life assurance worth 8x your salary
- A great selection of additional benefits through our salary sacrifice scheme
- Access to an annual performance related bonus
- Access to training to help you develop and progress your career
- 25 days holiday, pro rata
Why work at Nationwide
We’re different from other financial service providers. We’re a building society, owned by our members. And for over 130 years, we’ve supported those members to make the most of their money and achieve what they want from life.
That’s reflected in the way we work here at Nationwide. We come together to make sure we’re doing things in the best way possible, both for each other and for our members. If you join us, you’ll be part of that. You’ll be able to help us build something really quite special. And you’ll have the opportunity to make a real difference.
On top of that, we always want you to be yourself. To use your skills and experience to make our Society stronger. To feel valued for who you are, not just what you do. Because here at Nationwide, we understand that we can do more together than we ever could alone.
What to do next
If this role is for you, please click the ‘Apply Now’ button. You’ll need to attach your up to date CV and answer a few quick questions for us.
We respond to everyone, so we will be in contact shortly after the closing date to let you know the outcome of your application.