Security Solution Architect
About The Facility
HCA Healthcare UK: Winners of Best Private Healthcare Provider 2016
HCA Healthcare is London's largest private hospital group, and operates 6 world-class hospitals across the capital, including The Harley Street Clinic, The Lister Hospital, London Bridge Hospital, The Portland Hospital, The Princess Grace Hospital and The Wellington Hospital. We also run HCA Laboratories and are growing via our expanding joint ventures divisions, including partnering with the NHS.
Our primary purpose is to provide exceptional care delivered with compassion and kindness, using state-of-the-art technology operated by expert, dedicated teams. This position will be based from our new and rapidly growing IT offices in London Bridge.
This is a full time and permanent opportunity offering a competitive package dependant upon candidate experience. Along with a competitive salary, the incumbent will also receive 25 days holiday, private healthcare and our company flexible benefits scheme.
As part of a business and IT transformation exercise HCA Healthcare UK requires a Security Architect who will be responsible for the definition of security reference architectures that provide roadmaps and target state architectures for key security domains such as IdAM, Cloud, Network, Intrusion Detection, SEIM, Data Privacy. In addition to defining reference architectures, the Security Architect acts as a leader across the organization, helping to evangelize the security story and drive a culture of 'secure by design' into the HCAI environment. This role will be housed within the IT&S architecture capability reporting into our Enterprise Architect, and work closely with Head of Security and Information Governance.
The Security Architect will be responsible for the architecture for the end-to-end security of both corporate and clinical applications and will have an incredibly varied portfolio. Define and champion the technical and procedural security standards which infrastructure, support, development and clinical teams will apply. Provide inputs into the IT Security strategy to protect HCA's computer systems, networks and data accessible from both internal and external networks.Collaborate effectively with colleagues from other disciplines to define security objectives, assess solution options and devise architectural solutions that achieve both strategic business goals and meet operational requirements.
Duties & Responsibilities
- Define technical security standards and architecture covering, application, infrastructure, networks, cloud systems and data loss management solutions
- Monitor and engage with infrastructure and digital transformation project portfolio as the principle security requirements stakeholder
- Support information security risk discovery and assessments considering both technical and business perspectives
- Recommend security enhancements on
a ) Common security technologies including remote access, content filtering, access control, IDS/ IPS etc b) Microsoft/ Linux operating systems and Enterprise applications such as Exchange, SQL, SharePoint c) Network segmentation, honeypots, automated incident response, malware analysis etc.
- Validating high/ low level designs from a security perspective and recommend enhancements
- Realign the existing security architecture
- Provide inputs into target state architectures for key security domains such as SIEM, cloud offerings.
- Work with architects from the business line and from the infrastructure teams to ensure that security is 'architected' into their specific architectures, roadmaps and implementations.
- Build strong relationships with technology providers to identify security technologies that could add value to HCA and introduce them to the wider design and development community
- Ensure that new technologies are exploited in a controlled and expedient way in alignment with agreed architectures, working closely with the development community across Technology
Skills & Experience
* University studies in Computer Science, Information technology, Engineering or other related fields of at least three years attested by a diploma;
* Track records of large-scale delivery in security architecture design, building and deployment of application and infrastructure security.
* Comprehensive knowledge of industry trends, current and emerging security technologies in the area of mobile, networks and cloud services and ability to apply those to architectural needs
* Experience of enterprise architecture processes such as TOGAF or SABSA
* Strong experience in migrating enterprise companies from traditional data center, infrastructure, application and data designs to hybrid or fully-cloud enabled practices
* Understanding of security threats and attacks against the common enterprise platforms
* Experience of data encryption techniques and services; key management and trust services
* Knowledge of common mobile device and associated application architectures
* Experience with BYOD and the challenges therein
* Excellent knowledge of identity, federation and authentication technologies (e.g SAML, OAUTH)
* Evolved knowledge of networking infrastructures in particularly internet hosting, VPN and Wi-Fi as well as Web Services technologies (e.g. REST, XML, JSON)