IT Security Architect

Welcome to BCG Worldwide IT!

We are seeking an IT Security Architect to join our growing Information Protection team. 

You will be working in a Security Engineering, Architecture and Operations capacity to drive and support improvements in our Information Protection Portfolio, notably in Data Encryption including Email Encryption, Full Disk Encryption, IRM and Key Management.

As well as play a key role in our newly formed Cloud Protection capability, in areas such as DevSecOps, Cloud Security Posture Management, Cloud Access Security Broker across SaaS, PaaS and IaaS platforms.

You will:

• Work collaboratively with application development, data protection, information security, and risk management teams to understand and implement data and cloud security solutions 
• Support vendor assessments, including proof of concepts and research into new security technologies
• Continuously improve encryption services based on input from a diverse network of internal and external stakeholders, and technology teams as well as the IT industry at large
• Create and maintain technical service roadmaps pertaining to data and cloud security
• Work in both a project and operational capacity
• Prepare and review monthly status reports and statistics.

Youre Good At

• Verbal and written communication skills in English is required; command of additional languages will be considered a plus
• Successfully interfacing and connect with skilled technologists and non-technical stakeholders, including members of the C-suite
• Working in an Agile environment leveraging strong work management, organizational and planning skills
• Acting as a mentor and lead to other engineers and architects, as part of a geographically dispersed team 
• Negotiating and consensus building between stakeholders where competing priorities exist, providing well-honed influencing skills
• Effectively handling difficult and stressful situations with poise, tact and patience, while demonstrating a sense of urgency.

You Bring (experience & Qualifications)

• Minimum 9+ years of systems and/or security engineering experience with large scale implementations distributed globally
• Extensive knowledge of a globally distributed environment across multiple platforms such as AWS, Azure and GCP
• Extensive experience of Email Encryption (Enforced TLS, S/MIME & PGP) 
• Extensive experience in Key Management including encryption, cryptographic key management, PKI lifecycle management and secrets management
• Experience of Full Disk Encryption (BitLocker, FileVault 2) 
• Experience of working with cloud and data security in a DevSecOps and agile working environment
• Experience in cloud security centric technologies, such as CASB, CSPM, Azure Security Center and AWS Security Hub 
• Experience with Information Rights Management/DRM solutions, such as Azure Rights Management and Azure Information Protection.
• Subject matter expertise of data-at-rest and data-in-transit protection techniques and methodologies
• Desirable
  • Ability to develop and automate scripts in Python
  • Understanding of SASE, SAML, SCIM, OIDC
  • Understanding of CI/CD pipelines
  • Understanding of infrastructure as a code and concepts
  • Understanding of systems configuration orchestration
  • Related security certifications (e.g.

    CISSP, CCSP, SABSA, ITIL etc.)