Job Type
Job Details
Location:
London, GBCondé Nast is a global media company, home to iconic brands including Vogue, GQ, Glamour, AD, Vanity Fair and Wired, among many others. Our award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views each month.
We are headquartered in London and New York, and operate in 31 markets worldwide, including China, France, Germany, India, Italy, Japan, Mexico & Latin America, Spain, Taiwan, the U.K. and the U.S., with local licence partners across the globe.
The Team
The Cyber Security Team provides the Cyber Hygiene and Cyber Resilience services that underpin and enhance the organisation's security posture.
The Cyber Security Team is responsible for; Information Security and Cyber Risk management, Security Operations and the global SOC, Security Architecture, Application Security and Security Engineering.
What will you be doing?
Work with a team of security engineers to ensure timely delivery of any internal cyber security projects and manage BAU activities within the scope of cyber security services.
Support the manager, security architecture in defining the Technical, Security and Process requirements required for new and existing security tools, services and solutions.
Working with the Security Architecture Manager, design and maintain the overall security architecture and roadmap for the business, ensuring appropriate solutions are selected to mitigate threats and align with the overall technical architecture across the organisation.
Participate in meetings relating to projects with cyber security engineers and business stakeholders, as and when required for projects where you will represent Cyber Security as the technical lead.
Support the Cyber Security Program where required with defining security architecture objectives within programme workstreams and translate business objectives into a project scope ensuring key deliverables are defined.
Work closely with the Cyber Security Programme team to align the security goals & objectives of the program with the overall Cyber Security, Enterprise Technology and Business strategy.
Liaise with the Global Architecture team to ensure processes or solutions designed, balance business requirements with technology and cyber security requirements.
Work with Technology stakeholders and the security operations team to identify security gaps in existing and proposed architectures and recommend changes or enhancements, supporting the Security Engineers to implement.
Ensure existing security solutions are adequately maintained and enhanced as well as provide the coverage that the business requires.
Work with stakeholders to ensure our security controls are implemented across the business and align with our standards and policies.
Where required, assist with the creation of technical security standards and procedures to support our security policies.
Assist with the creation and updating of security technical architecture design, diagrams and roadmap documentation.
Engage with team members within the product and engineering teams and work with them to embed better security practices and controls within our environments.
Who you are?
Familiarity with security standards, governance & controls – NIST, CIS, CSA, OWASP etc.
Experience across the spectrum of Security Architecture and Governance domains
Hands-on experience delivering security projects, having led or supported security engineering teams.
Excellent knowledge of PAM, IAM, and secure device configuration and hardening, using CIS benchmarks.
Hands on experience of leading the implementation of security solutions such as IAM (Okta), PAM (CyberArk), EDR/XDR (Sophos), SIEM (Splunk), Vulnerability Management (Rapid 7).
Knowledge and understanding of AppSec tools (SAST, SCA, IAC),will be beneficial.
Experience of supporting an organisational shift to a DevSecOps model, from a DevOps model is desirable.
Knowledge and understanding of Kubernetes and containers is desirable.
Demonstrated ability to identify risks and issues associated within project workstreams and processes and escalate this as and when required.
The ability to be a cloud and enterprise security subject matter expert who can explain technical topics to those without a technical background.
Demonstrable experience in the production of technical design documentation, working within a multi-disciplined, multi-supplier environment, planning, and delivering quality results within agreed timescales.
Excellent written and verbal communication skills as well as business acumen and a commercial outlook.
Hands-on experience and strong understanding of information technology and enterprise security as a whole.
Strong team player, with an ability to lead teams and drive projects and initiatives forward.
Good all round communicator
What benefits do we offer?
Condé Nast Learning Hub where you’ll find you’ll find all Condé Nast-developed learning courses and trainings, and over 16,000+ courses in seven local languages
25 days holiday and extra days of annual leave for if you get married, move house or want to volunteer
Hybrid working and core hours
Competitive pension scheme
Bupa Private Healthcare
Season ticket loans
Cycle to work
Employee Assistance programme
Bring your dog to work
A wide variety of wellness benefits including gym discounts
Discounts and Magazine Subscriptions
Employee Resource Groups to provide a platform for employees to identify shared objectives, exchange ideas, and work on community priorities for our global workforce
If you are interested in this opportunity, please apply below, and we will review your application as soon as possible. You can update your resume or upload a cover letter at any time by accessing your candidate profile.
Condé Nast is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, familial status and other legally protected characteristics.
