Technical Security Architect - Infrastructure & Data

Job Description

You will provide direction and solutions to product owners and delivery teams working on a variety solutions for both colleagues and members. This will include developing solution overviews and designs, threat models, and architectural patterns.

At Nationwide we openly put our 15 million members at the centre of every decision we make as a business. Every role, no matter what it’s doing, is member focused.

This opportunity is within the Security Architecture team, and part of Security and Resilience. The team have a challenging mandate to architect, engineer and assure the delivery and consumption of effective and pragmatic security controls as an enabler for innovative solutions across our hybrid on-premises and cloud IT environments.

We want your expertise within Nationwide to cement our reputation for always being there when it matters, with services that our members can trust.

A Security Solution Architect within Nationwide offers a genuinely ever-changing day-to-day experience. Working closely with technology delivery teams you will help to identify and document the key actors and architectural threats to Nationwide solutions; and where security policy, standards and regulatory requirements apply, communicate in simple and actionable terms what compliance means.

In conjunction with Security and Resilience colleagues you will identify solutions that mitigate threats to within risk appetite and ensure that solution delivery is compliant with security policy, standards, and regulatory requirements.

You will be part of a team managing the technology controls framework ensuring a roadmap for maturity, coverage and effectiveness is maintained. Coherent, repeatable, and practically consumable advice is critical to our efficiency and success, and you will be part of a team responsible for the creation of knowledge artefacts that provide practical thought leadership to our architecture and engineering colleagues.

The members of the team fulfil a number of different roles and you will have the opportunity to use your existing knowledge and develop your skills and expertise between working with teams building critical member facing applications, key enterprise security controls, shaping strategic roadmaps and future initiatives, producing architecture patterns, developing and improving the practices and services offered by the team and people management.

You will have a background in hands on technical roles such as operations, second- or third-line support, engineering, or development. We have several roles and are looking for a variety of candidates with different areas of specialist knowledge to work with different parts of the business. You will be able to show significant prior experience, interest, or aptitude in one or more of the following areas:

• Data security: Privacy, PCI-DSS, Cryptographic techniques, data analytics platform security.
• Producing secure solution designs and roadmaps
• Threat Modelling using common industry techniques (such as STRIDE, Attack Trees, PnG), and working with a recognised risk framework to evaluate severity and priority.

On a more general level you will have:

• A good general appreciation of enterprise-wide security threats, controls and principles across the above areas
• Experience or aptitude for threat evaluation and documenting enterprise-level architectural solutions that mitigate, or offer a risk aligned roadmap to mitigation. Producing artefacts such as Solution designs, patterns, reference architecture and principles.
• An appreciation of working with security policy, standards, and security audit findings, and producing them into clear and practical solutions.
• Experience working with and maintaining a security controls coverage and maturity framework (such as NIST CSF, ISO27001, CSA-CCF, MITRE) and enterprise policies and standards.
• Professional qualifications in security and relevant technologies and practices, with a passion for continual improvement
• Experience of people management

We’re also interested in who you are as a person. Why? Because our membership is made up of so many different kinds of people, so we want our employees to be just as diverse. We’d love to hear about:

• Your values, and what makes you who you are
• How you’d make a difference to our members in this role

There are all sorts of employee benefits available at Nationwide, including:

• A personal pension – if you put in 7% of your salary, we’ll top up by a further 16%
• Up to 2 days of paid volunteering a year
• Life assurance worth 8x your salary
• A great selection of additional benefits through our salary sacrifice scheme
• Access to an annual performance related bonus
• Access to training to help you develop and progress your career
• Gympass – Access to a range of free and paid options for health and wellness.
• 25 days holiday, pro rata

]]>