Cloud Security Architect

Job Title: Cloud Security Architect
Reports to: Chief Information Security Officer
Department: Information Security / Technology
Location: Flexible; this role can be based from either the London or Leeds C4 offices

DEPARTMENT DESCRIPTION
Technology looks after our information technology systems and services so we can deliver for our viewers and function as a business. This includes everything from audience-facing products and services on both TV and via digital channels to mobile applications and our central systems.
The department prides itself on being at the very forefront of technology so we can deliver as efficiently and effectively as possible.
Technology enables us to communicate and protects our data from security threats. Above all, it enables all major changes within the business.

The All 4 service was launched in 2006 as 4oD, the UK’s first broadcaster long-form catch up service. The service is now available on over 20 devices and enjoys millions of views per month. Channel 4’s recently published Digital Strategy puts much focus on All 4 for the future.

Channel 4 have also recently adopted the cloud for its corporate solutions to complement its usage in the New Media space as such we are in the market for a Cloud Security Architect who embraces and thrives in change.

JOB PURPOSE
As a Channel 4s Cloud Security Architect you will be part of the Information Security team and will be responsible for understanding, researching, designing and developing security solutions within Channel 4’s cloud environments. The Cloud Security Architect will help identify and implement critical controls and shall work in partnership with the business to ensure our viewers can trust Channel 4 to protect their sensitive information and the security of our critical infrastructure, staff, and assets is maintained.

The successful individual will work closely with the architects and developers of the online systems to help deliver the company and security strategies. This may involve the development of specific policies, overseeing of the testing approaches, dissemination of security principles and attendance of development or strategy meetings to ensure that security is considered at the appropriate stages.

The role will require the individual is to be accountable and own the security and architecture, including the configuration and application of the security protocols. They will be required to help advise and improve the security of the cloud performs for others where appropriate

KEY RESPONSIBILITIES
As a member of Channel 4’s InfoSec team we are wanting our Cloud Security Architect to have a passion for and experience in cloud security and have a strong understanding of current security trends and solutions. You will be responsible for improving and maintaining the cyber-security posture of Channel 4’s cloud services. We always require people to be ambitious, humble, motivated and highly experienced in their craft for this level of role, as it will involve working with various teams and stakeholders within the Channel. They key responsibilities shall include:

• Working alongside Channel 4’s security team, assisting in the development of relevant plans and roadmaps.
• Shaping strategy and drive consistent implementations that enable the Channel to pursue their Future4 strategy.
• Collaborating with architects, application and infrastructure teams, helping to shape secure business solutions and adopt strategic security components and services
• Liaising with teams across Channel 4 for impacted/ proposed services to ensure security, risk and regulatory requirements are met.
• Assessing whether new products and solutions align with Enterprise Architecture mandates, business strategy, security strategy
• Providing security input and/ or run security product assessments and RFPs
• Guiding the implementation approach for the implementation of new core security tooling
• Identifying risk and working with the Channel to implement appropriate mitigating controls.
• Produce security development standards for the API life cycle.
• Ensure secure design and data integrity preservation among users, apps and infrastructure.
• Implement repetitive / Automated validation testing prior to production that allows for a continuous cycle of development followed by application security assessments.
• Integrate security assessments into CI/CD tooling.
• Develop security test plans from architectural designs, identify deficiencies and make enhancements to ensure production is not impacted.
• Understand and leverage encoding and tokenization processes.
• Make recommendations regarding the current configuration to help increase the levels of security within the cloud environments
• Working with the information security team to help conduct assurance activities to ensure documentation is accurately completed to record the security posture of the cloud environments
• Be highly engaged in information security projects that evaluate existing security infrastructure and proposed changes as defined by security leadership and architects; deliver projects on time, within budget and in accordance with SLAs.
• Assist the information security team to conduct regular security awareness and training sessions for the Channel’s cloud security developers and third party suppliers.
• Develop authentication and authorization security requirements to adhere to credential storage, privilege management and authenticity standards; support role- and attribute-based access control.

ESSENTIAL EXPERIENCE & SKILLS

• Proven experience in cybersecurity is preferred, including compliance and risk management with system and application security engineering.
• Active involvement with practices emerging from OWASP, NIST and SANS, among others.
• Knowledge of security fundamentals for software-as-a-service (SaaS) application integrations.
• Experience with cryptography controls and measures to secure applications and data.
• Proven excellence in communicating business risk from cybersecurity topics.
• Experience development lifecycle (SDLC) practices. 
• Be educated on application security processes that comply with, Payment Card Industry (PCI), General Data Protection Regulation (GDPR), ISO27001 and other applicable regulatory or industry standard requirements and privacy laws.
• Skilful in single sign-on (SSO), OAuth, OpenID Connect and SAML. 
• Experience with implementing and designing appropriate security controls whilst working with internal and third party API’s.
• Experience working with Microsoft, AWS and Google cloud security environments
• Expected working knowledge of Windows, Linux and Unix.

DESIRABLE EXPERIENCE & SKILLS

• SANS certifications (GWEB) and others, CISSP, CCSP and/or CSSLP, OSCP (and related). 
• Experience working with one or more databases, including Oracle, MySQL, AWS RedShift and SQL Server.