We need:- X1 Senior Enterprise Cloud Security Architect in our head offices in Swindon- 35 Hours a week on a permanent contract- Car / Car Allowance- Send in your application by 22nd February 2019Nationwide employs a mix of bespoke-developed and commercial off the shelf solutions to deliver its 'core systems' capability, but the landscape has evolved organically, and needs to be simplified and standardised to support business growth and service efficiency, and to reduce technical debt.With the recently announced £4.1bn investment in IT and change over five years, we are moving at pace to consolidate and transform our IT estate, introduce cloud solutions, and simplify our infrastructure topology to a set of best-of-breed, industry leading strategic capabilities, to realise the benefits of a simplified and reusable IT estate. In adopting industry standards and best practices, this will increase product launch agility, operational resilience and provide rich configurable functionality and services, to enable our member propositions.Enterprise Security Architecture is at the core of Nationwide's existence. We are engaged with the business domain leaders in redefining and maturing the enterprise security architecture vision for our commercial proposition, products and customer engagement to embrace 21st century challenges and opportunities of digital technologies, shifting demographics and changing threat landscape. The right individual will be able to make a real difference to the enterprise security architecture strategy, technology strategy and roadmap for this key enterprise architecture domain.
Who we're looking for
We need someone with the ability to influence, communicate, and lead the development of the vision, roadmaps and transition states, and to provide assurance of our architecture in this domain.As a minimum requirement:You will have experience in enterprise security architecture and technology in a Tier 1 financial services organisation, including one or more of the following:• Strong knowledge of Enterprise Cloud Security Architecture policies, standards principles, controls and frameworks• Strong knowledge of implementing main stream cloud vendor services, concepts and practical experience of cloud services implementation for one at least one of the main stream cloud vendors• Strong knowledge of CASB solutions and other Security as a Service platforms• Strong knowledge of architecting security controls within the cloud platforms• Strong experience of security around microservices, containerization, API and cloud security automation and orchestration technologies (Docker, OpenShift, Kubernetes, Jenkins).Other essential experience alongside product domains:• Prioritising and responding to business and technology strategies and priorities• Developing and implementing technology roadmaps• Excellent verbal and written communication with a proven track record of stakeholder engagement and influencing both business and technical stakeholders• Strong knowledge of security architecture frameworks as well as enterprise architecture standards and best practices (CSA/CIAQ, CCM, NIST, TOGAF or Zachman)• Strong knowledge of defining strategies, standards and best practices• Experience designing and architecting security solutions, frameworks, automation and orchestration to secure Cloud Infrastructure and Applications.• Understanding of cloud encryption, HSMs and identity and access management • Experience in delivery digital and cloud related security architecture projects and programs• Experience offering architectural advice and thought leadership on how to secure workloads chosen cloud platform.It would be nice if you also had:• Ability to determine business and technical requirements and establish the appropriate Security Cloud Control designs as necessary• Practical experience reviewing Enterprise Architecture designs and enhancing security solutions against company standards and industry best practice.• Experience of PaaS, SaaS, IaaS cloud architectures.• Experience of Hybrid, Public and Private cloud architectures, and integration across these existing systems with top cloud providers.Experience designing and architecting security solutions, frameworks, automation and orchestration to secure Cloud Infrastructure and Applications.Experience designing encryption solutions such as PKI and encryption at rest technologies such as HSM.Experience in Application Security, with exposure to OWASP, and Secure SDLC processes.Experience offering architectural advice and thought leadership on how to secure workloads chosen cloud platform.
What you'll be doing
You will be working in a multi-disciplinary high-performance team, developing the vision, roadmaps and transition states to move from the current to the target architecture for enterprise architecture domains supporting and delivering Nationwide's business products. You will be engaging with a wide variety of stakeholders, vendors and partners, in addition to key programmes and projects to provide oversight, direction and expertise, and to maintain alignment with the target architecture.