Cloud Security Architect for Hire

Work Experience

JIRA

01/01/17 - 01/01/18

large Tier-1 Bankpart of the Global Information security Architecture team reporting to the Head of Security Architecture and primarily responsible for defining the end-to-end security architecture, strategy, roadmaps, Principles, Controls and patterns for Bank's AWS workloads and championing Cloud migration. Owning the Security architecture for AWS, IAM and API consumption while ensuring the proposed architecture and solutions are aligned with Enterprise security standards, patterns and guidelines.Responsibilities and duties:- Delivery of a number of Digital and Cloud related global Security Architecture projects. Act as a SME in the design and development of architectures (including related architectural patterns), which are aligned withBank's standards as well as IT and business strategy, meet business objectives, and satisfy all relevant regulatory and operational risk controls. Work closely with the Enterprise, Technical, Data or SolutionsArchitecture disciplines. Focus is on Cloud technologies (e.g. AWS), IAM, as well as API, micro services following an Agile methodology using DevOps toolsets.- Influential in the continued development of Cloud architecture standards, Principles and Controls.- Act as an AWS, IAM, API subject matter expert, contribute to the development of Cloud and API standards to identify and implement new practices, processes and technologies where required.- Ensure Cloud compliance with all relevant internal instructions (Internal risks team and auditors) and externalregulatory requirements, including the management of operational risk and adherence to the group'sstandards (ISO2700x, PCI-DSS) of ethical behaviour.- Ensure that non-functional requirements for Cloud are clearly understood, rationale for holistic design & its components are provided, designs are peer reviewed and endorsed by the appropriate Architecture Board.- Introduce new Cloud products, services, technologies and standards where needed against identified use cases- Actively promote the benefits of Cloud architecture, accepted Cloud best practice techniques, standards and tools to other areas of the group and external suppliers where necessary.- Provide control framework and define controls for consumption of all AWS services and components. As well as define IAM and API strategy, architecture, principle and control.- Mentor and coach less experienced members of staff and promotes an understanding of the value of architecture and of use of technologies and standards in their domain across IT.- Adhere to evergreening priorities for global business, global functions.- Work closely with developers, testers, support staff, architects and a variety of other internal stakeholders to ensure technical and operational compatibility for agreed solutions- Drive partnerships with technology vendors to influence industry direction- Ensure all teams within IT Security are in sync with respect to Cloud security related topics- Ensure Cloud assurance and Governance is inline with, compliments Bank's existing processes- Work closely with the feature teams and ensure security is embedded in the design phase by participating indaily stand-up's, SCRUM's, Retrospectives and architecture catch-up's as well as collaborating with thefeature teams using JIRA, KANBAN boards etc.- Work with Security consultants, Risk teams to ensure systems are reviewed for compliance with Bank'spolicies and architecture strategy. Ensure that any identified technical risks are highlighted appropriately and remediated to business appetiteWork closely with Vendors / Partners where required to better understand practice and process in design andimplementation of solutions

Sainsbury's Supermarkets Ltd

01/09/16 - 01/12/16

primarily responsible for defining the end-to-end security architecture for Sainsbury's AWS workloads. Owningthe Security architecture for a Marketing Innovation (NDA) programme, while ensuring the proposed architecture and solutions are aligned with Enterprise standards, patterns and guidelinesResponsibilities and dutiesWorking as a SME to own the AWS, IAM, API and overall Cloud Security architecture for a NDA programme, closely working with the other Architects, PO's, InfraDev and feature teams following Agile methodology andDevOps toolsets.Member of the Solution Design Authority team for the programme, setting Cloud security strategy and direction, producing Architecture patterns, HLD's & LLD'sWorking closely with AWS assigned (Enterprise account) architects & wider enterprise stakeholders to ensure the Architecture is aligned with Sainsbury's standards and follows AWS/cloud best practices/guidelinesProposing and presenting architecture/design to Sainsbury's Senior stakeholdersProducing, with continuous evolving (Agile) features, Security Architecture and design for all work-streams within the programme for different technologies including but not limited to Big Data (Hadoop/Cloudera)Reporting & Analytics (SAS, MicroStrategy), Data labs, Data Science, as well as for different integration channels/end-points and 3rd partiesAdvising the Dev leads, PO's on SSDLCIdentify technical threats and vulnerabilities for cloud workloads and inform business of potential impacts resulting from new or changed requirementsWorking closely with assurance team to manage 3rd party audits, PEN testing and communicating/managing the audit/PEN testing outcomes with businessContributing to the newly formed enterprise Cloud Competency Center (CCC) with inputs and architecture/design approach (es), as well as ensuring where relevant the cloud patterns defined for the programme was adopted/consumed by the CCC as an Enterprise pattern(s)Ensuring that the business implications of risks assessment are clearly communicated to the relevant stakeholdersWas an instrumental part of the Architecture team to ensure Kanban, Jira & Confluence are updated for accurate reportingAttend key technical workshops/meetings/stand-up's/Story refinements/Scrum sessions that aid the go live ofstrategic feature drops

Tesco Stores Ltd

01/09/06 - 01/09/16

Tesco Stores Ltd & Tesco BankSecurity Architect (On-premise and Cloud)I was primarily responsible for defining the end-to-end security architecture for Tesco's multi-channel platforms andTesco Bank; this includes the Conceptual, Logical and Implementation Architecture views. My role was with theInfrastructure and covered both On-premise and Cloud. I was expected to translate business objectives to technical solutions covering both UK and International business, primarily focusing on workloads associated with CloudDatacentre Network, IAM, API's, Microservices, WebApp's and CDNResponsibilities and dutiesAct as Design Authority for multiple, enterprise scale Security engagements both On-premise and PublicCloud (AWS)Develop business casesDefining principles, standards and new building blocksProducing technical architecture / design documentationTransparent and objective information security risk assessmentIdentify application security risks and requirements for new projects and system developments/deploymentsSupport the leadership of Information Security and Executive management in the promotion of informationsecurity best practice and embedding information security within the program streamDesign of Infrastructure, Applications, API's, IAM and Cloud security solutionsIdentify and implement control improvements to the security and risk management practices to improve overall security posture and gain efficiency for the businessResponsible for understanding business and technical problems addressed by the products and technologies including key regulations, business drivers, evolving business needsManaging security incidents if need be and provide consulting across the business on a day to day basisManaging Penetration Testing and the remediation process with both internal teams and third party developers, for both Web and Mobile applicationsAdvise and recommend on future technology and services by maintaining a high level of industry awarenessthrough training and self-developmentWork closely with Vendors / Partners where required to better understand practice and process in design andimplementation of solutionsWork with other Security related teams in the organisation to have a coordinated security approachDisseminate knowledge to the other members of the team & mentor new colleaguesLooking across security holistically, offering an enterprise perspective to help create technical cohesion withexisting initiatives while contributing to the strategic planning for a Software Defined Datacentre incorporating public and private cloudNotable Projects and achievementsOn-Premise and Cloud Network Security Architecture design of Tesco Bank across business domains ofGeneral Insurance, Credit card & Online bankingTechnical architecture and delivery of Tesco Bank Internet facing web applicationsSecurity Architect who designed Tesco PLC Internet DMZ and migration of DMZ to AWS Public cloudSecurity Architect for Tesco Group WAN Project and successful delivery of a new Global Wide Area secureNetwork and centralised services for Tesco across twelve countriesCentralisation & consolidation of SILO internet stems across 12 group countries across EMEA and Asia- Pacific to a common security framework, along with migration of services to a single externally securitymanaged service.Designing and delivering a next generation secure network to support Tesco's strategic move to SoA byembracing the use of the public cloud (AWS) and integration with Tesco Legacy SystemsInfrastructure security simplification and standardisation of the Tesco data centre network, significantlyreducing the number of network security zones delivering a step change in the ability to deliver solutions in an agile approachDefining and helping security program across Tesco Technology to improve the security posture of Tesco for its customers and colleaguesTransparent Integration of online properties to Akamai CDN consuming their Kona Site defender security offering thereby enhancing the security posture of the online services

More Work Experience

Education and Training