Information Security Architect

• Provide technical guidance and advice as the Information Security Subject Matter Expert on architecture, design, and configuration to define secure, scalable, and resilient architecture
• Perform security assessments of on premise and Cloud (private/SaaS solutions and Sodexo public Cloud/Azure) architectures and services
• Contribute to the definition of Sodexo’s Information Security best practices, security governance and processes

Shift Timing: 1:30 PM to 10:30 PM

Key Responsibility:

• Work within the IT Architecture community of practice to deliver change and support transformation
• Cultivate relationships with technical stakeholders across IS&T (Infrastructure, Networks, Applications, Service, PMO, etc.) and wider business to promote a culture of Security by Design
• Influence Information Security decisions and actions to mitigate risk
• Operate within a complex technology landscape, ensuring consistency and compliance is always maintained within Sodexo & Client environments (Cyber Essentials +, ISO27001)
• Define technical and functional security pre-requisites in projects (on premise, private Cloud/SaaS or Sodexo public Cloud) in line with IT and Information Security policies and standards
• Support the creation of RFP documentation to support bid proposals to external clients
• Review and analyse high-level and low-level design architecture documents
• Assess security risks and define appropriate security measures and processes to protect data and systems prior go-live and roll-out
• Assess external supplier’s security posture
• Assist with contract negotiation with suppliers in relation to IT & Information Security clauses and requirements
• Provide security support to migrate and/or deploy assets in Sodexo public Cloud
• Analyse business and IT requests impacting information and systems security, and propose mitigating measures
• IT & Information &Cyber Security initiatives
• Support IT & Information Security projects through identification and formalisation of requirements, testing and selection of solutions, contract negotiation, pilot, and implementation
• Contribute to the definition of IT & Information Security policies, standards, and processes
• Develop tooling to enhance IT & Cyber Security processes in line with the ‘automate first’ approach of the function
• Contribute to the evolution of Global IT & Regional IT architecture communities of practice
• Communications
• Promote IT & Information Security architecture design principles and standards
• Act as a business partner building strong relationship across the IT department and the wider business
• Conduct research into new technologies, architectures, and security products to optimise and improve Sodexo’s security policies, processes and tooling
• Ensure IT & Cyber Security risks is assessed adequately in projects and necessary actions put in place, and implemented to handle them within acceptable thresholds as defined by the Design Authority and the Global and Regional security policies
• Ensure onboarded suppliers are meeting Sodexo expectations in terms of IT & Cyber Security practices
• Deliver cutting edge IT & Cyber Security expert guidance to the business, IS&T and the IT & Cyber Security activity factoring emerging threats, technologies, frameworks and processes

Required Skills:

• 10-12 years’ experience in technical IT & Information Security roles
• Experience of reviewing and contributing to high-level and low-level technology architecture documentation and making risk-based security recommendations
• Experience of writing technical documentation, which clearly describe design decisions, technical recommendations, and implementation strategies
• Experience and knowledge of risk assessment methodologies (ISO27005, etc.)
• Experience of communicating and articulating complex IT & Information Security risk and issues in simple terms to business stakeholders and non-technical audiences
• Experience of Microsoft Azure security stack (AWS is a plus)
• Proficiency in core Information Security principles (Identity & Access Management, Infrastructure & Network Security, Cloud Security, Vulnerability Management etc)
• Knowledge of Microsoft Enterprise access model and AD tier model
• Knowledge of the Zero Trust concept
• Strong communicator with the ability to influence both technical and non-technical stakeholders
• Holder of Microsoft Azure and/or Cloud security certification(s) is a strongly desirable: CCSK, CCSP, AZ-300, AZ-301
• Information Security certifications are desirable: CISSP, CISM, CRISC,
• Experience in DevOps/DevSecOps is desirable
• Ability to gain Government Security Clearance