VodafoneThree - Secure by Design - Design Authority

Working Hours: Full time 37.5 hours per week - Monday to Friday A senior member of the Secure by Design Networks Team To review telecoms project designs and architectures against the company's cyber security policies and to communicate this to project teams To assess project designs against requirements, including the UK Telecommunications Security Act (TSA) Line reporting to the Secure by Design Manager (Networks) Guiding and embed effective security controls into Network architectures Provide Cyber Security guidance, design input and design review/assessment of complex changes Specify and scope security penetration testing of complex designs, and ensure that identified vulnerabilities are remediated Identify Cyber Security risks and ensure that these are managed effectively To assist members of the Secure by Design Networks team with understanding of designs To provide leadership, updates and guidance for cyber control implementation and their ongoing assessment and improvement Please note: Enhanced vetting may be carried out for this role. Educated to degree level and/or equivalent technical experience (preferably 7+ years) with a proven track record of delivering complex cross-domain Networks/IT solutions architectures/designs in the telecommunications industry 5 years of experience in Cyber Security role Knowledge of common information technology management / compliance frameworks such as ISO/IEC 27001, SOC 2, SOX, ITIL, COBIT, and NIST Knowledge of legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII) Protection and Payment Card Industry (PCI)/Data Security Standard An ability to think strategically and drive change A deep understanding of Tech Security risks and mitigating solutions A diverse security background with knowledge in several areas including: layered security architecture, telecoms specific architectures, internet protocols, firewalls and network segmentation, VPN technologies, SD-WAN, anti-malware technologies, risk and vulnerability assessments and compliance Demonstrable and recent track record of delivering security controls that span multi-disciplinary areas across Enterprise domains in large telecommunications environments Sound overall knowledge of fixed and mobile network architectures and methodologies to secure them Practices and methods of enterprise architecture and security architecture Network security architecture development and definition Strong organisational skills Ability to work under time and resource pressure An ability and desire to communicate and work with a broad and senior set of stakeholders A customer-focused, responsive, and transparent attitude An industry security certification. CISSP is strongly preferred An Architecture qualification (TOGAF) is desired An industry network certification (CCNA, CCNP) is desired