Lead Security Architect

Key Performance Indicators (KPIs) and Responsibilities

Security Alignment and Governance

• Align JLR L2 logical security capabilities with business and epic team requirements.
• Contribute to epic journeys, service blueprints, and architecture artifacts with security considerations.
• Provide security Non-Functional Requirements (NFRs) and support ADA/SPADA approval processes.
• Collaborate with solution and enterprise architects for security capability reviews and alignments.
• Define and maintain security architecture artifacts, including principles, policies, standards, and patterns.

Risk Management and Threat Mitigation

• Review risk areas using STRIDE and highlight security considerations in system context diagrams.
• Assess and mitigate threat vectors for epic artifacts, including customer journeys and supporting processes.
• Recommend security controls for journey stages and ensure alignment with JLR security architecture.
• Identify and address information security risks and vulnerabilities across the business and projects.

Governance and Security Enhancements

• Improve governance processes by embedding clear security requirements.
• Review and enhance current security measures, tools, and practices.
• Ensure alignment of IT projects with enterprise security policies and central security systems.
• Provide SME support and documentation for technical security inputs in projects.

Tools, Systems, and Incident Management

• Develop, maintain, and monitor security tools, systems, and protocols.
• Support security incidents by providing technical input during and after events.
• Stay updated on security trends, tools, and technologies to enhance the organization's security posture.

Collaboration and Advisory

• Provide security guidance during epic hypothesis reviews and MVP assessments.
• Advise teams on information security threats, risks, and configurations to mitigate business impacts.
• Collaborate with broader organizational teams to ensure robust information security measures.

Reporting and Continuous Improvement

• Identify security risks during transitions to target operating models and document mitigation strategies.
• Ensure proactive monitoring and enhancement of the organization's security and IT environments.
• Lead the development of secure logical solutions and identify gaps across architectures.