
IT Risk and Security Architect

INEOS Automotive – Grenadier – Built On Purpose

Story so far

Since Sir Jim Ratcliffe announced Project Grenadier in 2017, our team at INEOS Automotive has grown rapidly. From a start-up to the scaled business we are now, we’ve hit some huge milestones along the way. Despite some global challenges, we brought our first vehicle, the INEOS Grenadier, from a vision to prototype and to market in just five years. And now, as the first customer deliveries of our INEOS Grenadier have begun, we look to the future with our first all-electric vehicle.

People and Culture

With around 1500 employees, 10 locations and 44 nationalities, we’re an international team working together to challenge the ordinary. We welcome people who mirror our values: a spirit of ownership, taking responsibility and making things happen; delivering quality work, with the ambition to achieve outstanding results; and a community mindset, believing that together everyone achieves more. Creativity and initiative are encouraged to support your career development.

We’re doing things differently.

If this sounds like you, let’s talk.

The role

The IT Risk and Security Architect will help to establish and maintain a risk management framework aligned with NIST/IRAM2. In addition, the role performs threat and risk assessments, creates high-level/low-level security architecture designs and assists the IT Security Manager with the realisation of the information security roadmap.

Responsibilities include (but are not limited to):

Risk Management

  • Responsible for establishing and maintaining a risk management framework that is aligned with NIST, IRAM2, ISO and GDPR.
  • Maintaining the information security risk register and leading the migration of the risk register from Excel spreadsheets to a dedicated risk management platform (Acuity Stream).
  • Ensuring risks are monitored and reported, while mitigation plans are proposed and followed up.
  • Consulting with senior technology and business leaders regarding information security risks and their role in minimising exposure to those risks.
  • Leading internal information security risk audits including, but not limited to, ISO27001 and ISO22301.
  • Helping to design and implement a robust third-party assurance framework that enables the business to gain oversight of risks across the ecosystem.
  • Actively participating in the IT Change Board meetings as one of the approvers.

Security Architecture

  • Performing threat and risk assessments, working closely with the enterprise architect to ensure INEOS Automotive's digital solutions adhere to security architecture and privacy best practices.
  • Creating high-level/low-level security architecture designs.
  • Auditing the security architecture of the existing information systems.
  • Defining the security requirements in compliance with standards and regulations.
  • Assisting with the identification and triage of information security threats and helping to manage the response to security breaches.

Security Operations

  • Assisting with the implementation and on-going management of information security solutions within INEOS Automotive.
  • Supporting the development of information security policies and processes.
  • Supporting the activities required to achieve ISO 27001 certification.
  • Performing technical security assessments using tools such as Kali, Nessus and Burp Suite.

Relationship Management

  • Establish and maintain effective relationships and governance arrangements with senior stakeholders.
  • Provide effective independent escalation and reporting of any security issues, risks and deficiencies to the IT Security Manager and Automotive IT teams.
  • Actively participate in the INEOS Global Security Team.

Requirements

  • 5+ years of information security operations experience in a medium/large multinational organisation in a similar role.
  • Professional IT/security qualifications (CISSP, CRISC, CISM, CISA, GSEC) or equivalent professional certification.
  • Relevant architectural experience, including an understanding of NIST, SABSA, TOGAF or equivalent frameworks.
  • Experience with Cloud Platforms, Azure DevOps, Active Directory, Windows and Linux servers, SQL Server, Firewalls, WAFs, End Point Security, Virtualization Technologies, Mobile Device Management, VPN.
  • Excellent knowledge of information security risk management frameworks and compliance practices.
  • Knowledge of NIST CSF and 800-53, ISO 2700X, SOC2 security frameworks.
  • Ability to assess information system processes and processing technologies for threats, vulnerabilities and risks.
  • Ability to express technical information security issues in business terms.
  • Resilient, with the ability to challenge senior stakeholders on information security issues.
  • Ability to challenge/negotiate with third-party vendors on information security issues.
  • Ability to develop security standards and guidelines based on best practices, regulatory requirements and industry standards.
  • Excellent knowledge of cloud security best practices (IaaS, SaaS, PaaS) – Azure/AWS experience a plus.
  • Good basic networking knowledge, excellent knowledge of network security.
  • Ability to work as part of an extended IT security team.
  • Ability to build and maintain productive, strategic relationships within the business and third-party suppliers.
  • Excellent oral/written communication skills.