Enterprise Security Architect
At OneWeb, we’re on a mission to provide affordable, high-speed Internet access for the world’s unconnected and to achieve the #1 target of the World Society of Information Systems – to create a community access point at every school in the world. We realize this isn’t easy, but we have designed a combination of satellites and ground systems that we know can achieve this, and we believe it is too important not to do. Eliminating extreme poverty, enabling relief for communities during emergencies or disasters, providing health care, clean water and education, starting a business, individual empowerment and civic transparency are all important goals and Internet access is a foundation for solving these global issues.
OneWeb is a technology and infrastructure provider. Our infrastructure enables mobile carriers, ISPs and governments to provide Internet access to their local and remote populations. Our team’s talent spans fields from semiconductor design, telecom core network and small cell production and deployment, to hyper-local rural regulatory and educational challenges. We are developing leading edge technology to solve some of the world’s largest problems – and having a lot of fun doing it!
If building the infrastructure to connect 2 million schools is something you would like to make happen, then joining OneWeb may be a great personal and career move. We can provide an intellectually challenging workplace and fast growing opportunity with a clear purpose. Come join the team that is making affordable communication ubiquitous on a global scale.
The role is a key member of the Chief Security Architect’s (CSA) team, working alongside key members of the CIO’s and CISO’s teams to develop an enterprise-level Security Architecture and Technical Security Control framework. That framework ensures that all identified technical controls are appropriately selected and correctly assessed as part of a consistent and repeatable delivery model. The role is key in meeting the Information Assurance (IA) requirements and managing residual risk in the context of the ongoing business operational and strategic requirements.
- Work closely with the CSA to develop a cohesive security architecture framework and operating model to ensure that each system and business segment has appropriate, approved technical security controls to defend and detect against APT attacks.
- Ensure solutions support and comply with the various global Data Protection Act requirements including US ITAR and any other relevant legislation and/or regulation compliance that is required.
- Can clearly identify any conflicts of interest, legal exposure, ethical challenges and possible internal/external malpractice as part of their core work activities. Can explain the issue in a clear way to the appropriate internal governance forum or affected Senior Management Team.
- Delivery of specific projects and initiatives as agreed by the CSA
- Review Change Proposals (CPs) / Requests for Change (RFCs) for security considerations, ensuring peer reviews are conducted for all Delivery Assurance Reviews (DARs) / Solution Assurance Reviews (SARs) for alignment with wider security strategy and architecture
- Actively support the Security Improvement Programme (SIP) initiatives within the business areas and address any other security-related management issues that may arise.
- Input into a programme of certification and the actions necessary to maintain these certifications across the organisation, providing regular progress reports and guidance to the CISO as required.
- Keep their technical skills current in the context of the technical security infrastructure and applications deployed within the organisation, as well as surveying the future technical landscape in order to advise the organisation on the vulnerabilities and countermeasures required to mitigate risks in future operating model architectures.
- Must be willing to attend security seminars and events and actively enhance their skillset through training and certification where required to assist the business in getting the most value from their security spend.
- Build and maintain a core network of contacts so that questions can be answered quickly, ensuring that the organisation benefits from the wider IA knowledge within Government, commercial or industry bodies which in turn contributes to a wider body of knowledge.
- Deliver the contractual obligations of Security and IA, as set out in the Contract(s)
- Management and reporting of specific risks for which you are appointed risk owner/manager
- Develop and support the Security Architecture frameworks used and risk documentation for any security controls across the wider business and work closely with the Head of Enterprise Architecture and the Head of Operations to achieve this.
- Support the CSA in defining the standards for the security controls
- Must be prepared to travel globally on a regular basis as and when required due to the nature of the business operational landscape.
Required Skills and Experience:
- Be a formal member of a professional IT or security body (e.g. IISP, BCS)
- Hold a current CISSP (Ideally must have been held for more than 3 years to prove CPD development and experience)
- Qualified in a recognised Architecture methodology (e.g. TOGAF 9, SABSA, or similar)
- Thoroughly understood and applied the principles of INFOSEC Standards within both Government (US or UK) and Commercial landscapes for more than 5 years
- Have a good understanding and appreciation of PCI DSS standards, AoC/RoC and typical compensating controls
- Strong technical background (Specifically security design principles for applications, networks and supporting infrastructure)
- Excellent communication skills, both written and verbal
- Excellent analytical and problem solving skills
- Need to be a “Self Starter” and someone who can work without the need for constant supervision or guidance, but can recognise when further guidance should be sought and from whom, should their work efforts require it.
- Ability to prioritise workload and work well under pressure to meet firm deadlines and manage business expectations
- Excellent presentation skills with the ability to present complex ideas to technical and non-technical audiences. It is particularly important to be able to express security risks in business terms to a business skilled audience.
- Strong negotiation skills to influence cost and risk based decisions within either a business or technical audience
- Understanding and experience of business and technical information security concepts including risk management, defence in depth, and accreditation
- Have a strong technical background, with the ability if required to undertake “hands on” delivery in areas such as Active Directory, PKI, Microsoft and Unix environments, Protective Monitoring, etc.
- Experience with cloud integration, especially Oracle NetSuite/Oracle cloud integration and support
- An understanding of and delivery experience with Identity and Access Management integration, ideally in support of a wide-scale or global cloud implementation.
- Ability to organise and coordinate technical team efforts in a logical and consistent way to support operational business objectives
- Must have a good understanding of security incident response and forensic level activities related to the architectures delivered
Preferably from a TelCo background; any of the following would be advantageous:
• A networking architecture skillset and background
• Cloud service integration skills or qualification/certification
• Have used an architecture toolset like Troux or similar
• Integrated or setup a security architecture toolset within a large organisation
Information Security (SCTY)
• Ability to evaluate information security risk assessments
• Maintain up-to-date knowledge of emerging threats, vulnerabilities, and technology trends and developments relevant to IT security.
• Maintain and develop the Enterprise Security Architecture.
• Direct investigation of specific IT security technologies, products, methods and techniques to assess their potential benefit to the business.
• Produce and contribute to policy, IT security technical standards, processes and architectures required to support the implementation of secure systems and services at acceptable cost and risk.
• Influence major change programmes, so that they align to and meet policy and requirements.
• Maintain awareness of Information Assurance and Security regulations and related legislation.
• Develop and implement PKI and Protective Monitoring solutions, and other appropriate technical controls in support of ISO 27001, ISAE 3402 and PCI DSS and operational imperatives, to safeguard systems against highly motivated and well-funded threat actors.
Information Assurance (INAS)
• Provides authoritative advice and guidance on Information assurance strategy to manage risk.
• Develops and maintains Information Assurance processes and procedures that apply IA standards in the organisation business context.
• Monitor compliance against IT security requirements and policy.
• Ensure that systems conform to NIST standards or are appropriately risk managed.
Stakeholder Relationship Management (RLMT)
• Presents a professional image of self and organisation to manage, develop and facilitate open, constructive, proactive communication with key IA stakeholders, including the CISO, SIRO, Head of Security, Information Assurance Officers (IAOs), technical teams and operational business areas.
• Able to fully understand and disseminate a wide range of information (technical, business and IA) to facilitate and ensure that the IA components of the decision-making processes are a business enabler.
Technology Audit (TAUD)
• Identifies audit requirements of existing and planned information systems, evaluating areas of risk to assess the adequacy and effectiveness of the organisation's approach to risk in its use of information.
• You will be able to communicate associated risk cases of a complex nature to middle and senior managers and recommend changes in processes and control procedures based on audit findings. (This will include discussions with providers of other IT assurance such as penetration testers, IT Health Check teams, ISO 27001 auditors and other technical specialists.)
• Clear understanding of the requirements for 3rd parties to meet the full security flow downs from all/any existing contractual obligations of the business and be able to audit against these requirements if asked to do so.
Service Planning (SRVPL)
• Continuous Process / Service Improvement.
• Review of continuous improvement initiatives and encourage innovative thinking
• Identify areas where the costs of services can be reduced or user behaviour can be changed to reduce IT spend
• Recommend service improvements
• Develop and Execute Security improvement strategy
• Help Manage the future capability & capacity of the security personnel within the team and operations.