Information Security Architect

Who we are We are one of the largest international law firms in the world. With over 30 offices across the globe, we strive to exceed the expectations of our clients, providing them with the highest-quality advice and legal insight, which combines the firm's global standards with in-depth local expertise. Our firm, work and people span jurisdictions, cultures, and languages. We offer our clients a truly international perspective. We believe every career should be rewarding and stimulating - full of opportunities to learn, thrive, and grow. That's why we're so proud of our inclusive, friendly, and team-based approach to work. You'll find our clients in commercial and industrial sectors, the financial investor community, governments, regulators, trade bodies, and not-for-profit organisations. But no matter who they are or why they've reached out to us, we provide a world-class service every step of the way. And that's possible thanks to the entrepreneurial spirit and conscientious approach to work that you'll find across all of our teams. Whichever area of the business you join, you'll become an integral part an innovative, diverse and ambitious team of people. Clifford Chance is a place where the brightest minds and the best of colleagues meet. Job Description The role Working as part of the wider Security Architecture, Engineering and Resilience team, The Information Security Architect is the responsible authority with the requisite knowledge to work across a wide variety of portfolios providing Information & Cyber Security domain expertise and skills to help provide strategic technical direction that can optimise enterprise outcomes. This role focuses on the implementation of Information and Cyber Security across multiple portfolios within CC IT space. It is a key role in delivering Information & Cyber Security transformation and helping to ensure that the end vision is being delivered in a secure and resilient way while focusing on the overall experience to the users. The Information Security Architect will collaborate on the production of the domain architectural runway built to support future, current and near-term business security and resiliency needs. The Information Security Architect will also lead the firms IoT Security platform in line with its SmartBuilding and aligned activities. It will also maintain the assurance posture for IoT and OT devices making sure that Cyber response and monitoring is achieved with the desired visibility and that the IoT and OT devices are secured according to risk. The Information Security Architect will be responsible for architecture security patterns and approaches for firm systems and data deploying best practice by default. The Information Security Architect will be the first point of all for all matters of technical guidance around security to other subject matter experts in the business. At portfolio level, the Information Security Architect provides guidance relating to information and cyber security with regards to business changes, changes in underlying technologies, emerging standards, competitive changes and other factors, which may drive the business in directions that are outside the purview of agile portfolios. The Information Security Architect will be a gatekeeper of Information Security within the CC Architecture Community of Practice and make sure that all platforms are appropriately designed to mitigate information risk and are secured as appropriate and tested as required. Information Security architect will work with the Cloud Security Architect to build on the Cloud Centre of Excellence within the firm making sure that all activities are visible and secure. Information Security Architect will represent the security function at governance and control activities within the wider IT and firms aligned functions. Key Responsibilities Maintain a high-level holistic vision of Information Security within enterprise solutions and development initiatives. Build, contribute and maintain Information Security input to domain level roadmaps by demonstrating how they deliver the firm's core business capabilities in a secure manner and align to longer term strategic security and business roadmaps. Architect, Design, Build and Run Security services for the wider IT function including IoT, OT and IT (on prem and cloud) Understand and communicate strategic Information Security themes and other key business drivers for architecture to solution architects and non-technical stakeholders. Contribute an Information and Cyber Security perspective to wider architectural initiatives in the portfolio where applicable. Attend and participate in Data Governance Board project proposal reviews for use of data to ensure appropriate security and data use. Influence Information & Cyber Security best practices with regards to common modelling, design and coding practices, working closely with our application development teams and technical leads to ensure security across the portfolio. Collect, generate and analyse innovative ideas and technologies that are applicable to the enterprise in this domain. Address Information Security innovation as part of the future of architecture. Synchronise the following across solutions whenever applicable: - System, data security and quality; - Production infrastructure; - Solution User experience governance; - Scalability, performance and other non-functional requirements. Participate in Release Planning activities from an Information Security Perspective. Work with aligned IT functions to asses security architectural requirements and engagement to fit demand Keep in touch with the reality of the day-to-day Information Security architecture work, listening to the feedback and issues raised by the domain teams to consider and reflect in the roadmaps. Qualifications Your experience Skills: Ideally, an Information Security professional with both technical design and engineering expertise in a range of technologies as well as comprehensive knowledge set of Information & Cyber Security frameworks and principles. Fully conversant with the Microsoft suite of tools (E5, DFC, Sentinel, Entra, Defender for IoT) Should have exposure to Endpoint, Data Protection, Threat Intelligence and Application Security technologies Experience in creating architecture design documents, including HLDs and LLDs Exposure to data privacy standards and implementations Extensive senior stakeholder management skills. Able to work on multiple projects simultaneously and manage their time effectively Ability to work collaboratively with IT teams, legal professionals, and other stakeholders to ensure security measures align with business objectives. Excellent communicator with strong, analytical and problem-solving skills to address security challenges effectively. Knowledge of architecture frameworks and methods such as The Open Group Architecture Framework (TOGAF) and the ability to develop and maintain personal architectural knowledge, skills and abilities. Experience: In order to perform this role, you will have at least 10 years IT experience, five years of which must be in an either a senior engineering role or security architecture role working at senior level in a global organisation. You will have a comprehensive knowledge of all Information Security & Cyber Security domains. Your Architecture or engineering experience must be clearly demonstrable and will have worked as an architect and understand the requirements of architecture frameworks and Information & Cyber Security frameworks such as NIST, Cyber Essentials and ISO27001. Previous experience of working for a global professional service environment or corporate organisation such as legal/finance/banking. Solid understanding of multiple architecture and security tools, techniques and frameworks TOGAF, SABSA, BSIMM, NIST, ISO 27001 etc. Solid understanding of secure development principles for multiple delivery methods, Agile, Waterfall etc. Practical experience of Information Security Risk Management and Threat Management. The ability to champion Information Security Architecture principles at an enterprise level. Practical experience of working with Prince2, PMP, Lean & Agile delivery tools such as Agile Central (or other similar tools e.g. JIRA) is preferable Experience of developing IT roadmaps for specific business or technology areas. Experience of working with multiple, diverse technologies and processing environments. Adaptability to adapt security architecture plans to a variety of rapidly changing environments. Ability to building information and system resilience into every architecture plan or system to meet business requirements. Written and Verbal Communications: Highly developed written and verbal communication skills, capable of producing global and sensitive communications to a varied audience at all levels in both Practice Areas and Business Services. Excellent verbal and interpersonal communications skills – some form of customer-facing interaction or consulting experience is a plus. Qualifications: The ideal candidate will be Certified Information Systems Security Professional (CISSP) or qualified, preferably with either Certified Information Security Manager (CISM). Client Focus At Clifford Chance, we believe in bringing the client - both internal and external - to the centre of everything we do. To do this we need to understand, anticipate and fulfill the unique needs and expectations of each client. We call this "Client Focus" and to help deliver this core part of our business strategy, we want to recruit people who not only excel in their field but who are also client focused. We are looking for people who: can demonstrate a keen interest and enthusiasm to understand their clients' priorities. are self-starters but also team players ready to help others and contribute to the overall success. listen, question and deliver; and are reliable and responsive, who can put the needs of the client first. who demonstrate the highest level of ethical behaviour, we never compromise on our ethics. In short, we are looking for people who are motivated by client satisfaction and who strive to exceed the expectations of their clients both internally and externally. Additional Information Hybrid Working This role follows our 'balanced' hybrid working approach and as long as business needs allow, you will be supported to work in a hybrid way with the expectation of working from the office for a minimum of 50% of your time. What we offer including our broad range of benefits and working environment When you join Clifford Chance, you will have access to a broad range of benefits to support you across many aspects of your personal and professional life including financial, wellbeing, lifestyle, and family friendly benefits. For more information on what we offer specifically in the UK, please visit our What We Offer page on our career site. Equal Opportunities At Clifford Chance, we understand that our true asset is our people. Inclusion is good for our team and their families, our firm and society. We are committed to treating all employees and applicants fairly and equally regardless of their gender, gender identity and expression, marital or civil partnership status, race, colour, national or ethnic origin, social or economic background, disability, religious belief, sexual orientation, or age. This applies to recruitment and selection, terms and conditions of employment including pay, promotion, training, transfer and every other aspect of employment. We have a variety of flourishing employee networks. These networks are a place for colleagues to share experiences and advocate for change wherever they see an opportunity for improvement. Our goal is to deliver an equality of opportunity, an equality of aspiration and an equality of experience to everyone who works in our firm. Find out more about our inclusive culture here