Cyber Security Architect

The Cyber Security Architect works in our Cyber Fusion Centre, and is responsible for ensuring the safety and security of our business assets and interests. You will be responsible for designing, building, and implementing security solutions to protect us against sophisticated cyber threats. You will need to be able to translate business needs into security requirements, ensuring that systems and data are protected from unauthorised access and potential breaches.

You will work closely with our Red and Blue Teams to identify vulnerabilities and control gaps, and turn these into a pipeline of continuous improvement for our cyber defences. You will work directly with our Cyber Security Engineers to design, build, implement and maintain the security controls needed to manage our cyber risks within agreed appetites. You will also be responsible for engagement with project delivery teams from across our business, where you will provide expert security advice and guidance in support of their business objectives. You will need experience working with a multitude of different architecture and delivery methods, have a strong technical background and be able to work in a high-paced operational environment.

The role is based in either York (UK) or Lisbon (Portugal) and is a permanent position. You will report directly to our Fusion Centre Delivery Lead, with a dotted reporting line to our Enterprise Security Architect. Travel to other team locations will be required as necessary.

Key Responsibilities

· Gather, analyse and prioritise requirements for security architecture and systems design.

· Develop and maintain a robust roadmap of security controls based on agreed objectives and priorities.

· Evaluate current security measures, analyse vulnerabilities and control gaps, and recommend improvements to mitigate risks.

· Perform technical risk and control assessments in support of the overall risk management lifecycle.

· Design and implement operational security capabilities, and measure the effectiveness of controls over their entire lifecycle.

· Support the development and maintenance of technical security policies, standards and processes.

· Research emerging cyber security trends, threats and technologies that can be used to improve our security posture.

· Define and govern delivery pipelines and plans to ensure controls are delivered on time and in budget.

· Support the development and maintenance of the security engagement model

· Maintain detailed documentation relating to security systems design, including traceability to the requirements and any control assurance evidence.

· Ensure we continue to comply with all relevant statutory and regulatory security commitments.

· Support the incident response lifecycle with the design and implementation of measures to contain the impact of a breach and prevent future incidents from occurring.

· Deliver education and training initiatives to raise awareness of cybersecurity, helping to ensure we cultivate a secure by design culture across our business. Provide technical expertise and support to a team of security engineers and analysts.

· 5+ years experience working in a security architecture or security operations role.

· Excellent working knowledge of capability oriented security architecture and design.

· Excellent working knowledge of Agile delivery methods, including DevSecOps models.

· Excellent working knowledge of requirements analysis and systems engineering.

· Excellent analytical skills with the ability to work under own initiative.

· Proven experience in governing and delivering security projects.

· Comprehensive knowledge of the latest tactics, techniques and procedures and how to mitigate.

· Comprehensive working knowledge of commonly used security technologies.

· Good presentation and technical design writing skills.

· BSc or MSc in Cybersecurity is desirable.

· Cybersecurity architecture qualifications from bodies such as SANS, CREST and ISC2 are desirable.

· Industry recognised vendor certifications in security technologies are desirable.

Hiscox is a diversified international insurance group with a powerful brand, strong balance sheet and plenty of room to grow. Listed on the London Stock Exchange and headquartered in Bermuda (with the bulk of group leadership sitting in London), Hiscox has over 3,000 staff across 14 countries and 34 offices.

Structured by geography and product, Hiscox's long-held business strategy has helped them grow from a niche Lloyd's underwriter to an international insurance group with a powerful and trusted consumer brand. Hiscox is comprised of the following business units, At Hiscox we care about our people. We hire the best people for the job and we're committed to diversity and creating a truly inclusive culture, which we believe drives success.

Working life doesn't always have to be in the office, so we have introduced hybrid working to encourage a healthy work life balance. This hybrid working model is set by the team rather than the business to enable you to manage your own personal work-life balance.



We see it as the best of both worlds; structure and sociability on one hand, and independence and flexibility on the other.



Our benefits package includes a bonus, contributory pension, 25 days annual leave plus 2 Hiscox days and a 4 week paid sabbatical with every 5 years' worth of service, private medical for all the family and much more.

Work with amazing people and be part of a unique culture