£750 - £751 per day
about 1 month ago
Zero Trust Architect
Zero Trust is a key focus area enabling the client to achieve its objective of having best-in-class cyber security.
The program will deliver a comprehensive the client architecture, transforming our cyber security and adapting the clients technologies to innovative approaches for application access.
The program will bring together capabilities from relevant security domains, deploying the fundamental building blocks in the areas of network, data protection, identity and access management, end-user devices, and cyber monitoring, resulting in the Zero Trust principles deployed.
We are seeking to partner with a vendor to refine our approach; accelerate the development of the strategy, use-cases, and requirements; and bring experience and perspective from the industry and similar organisations. The vendor will iteratively present the finding with the clients Zero Trust architecture group and SMEs to deliver the work products.
Work Product Description / Key Activities
- Review and refine the conceptual architecture in preparation for approval at the Design Authority, and to meet deliverable to "agree and sign off Zero Trust use-cases and Architectural requirement"
- Ensure the conceptual model defines the inter-dependencies on other components in the TRM model
- Complete the definition of the different deployment models (for example: Resource-Based, Enclave-Based, Cloud Routed, Micro-segmentation, etc) and the pros and cons of each, and perform an assessment with recommendation on the model best suited to the client. Engage with Core Architecture Group and key stakeholders to agree the target deployment model
- Assessment of the high-level deployment models suitability for meeting the defined use-cases and requirements (see A2 below)
Deliverable: Conceptual architecture that is approved by the Clients Security Design Authority
Use-Cases and Requirements
- Engage the clients stakeholders and complete the detailed use-cases and requirements
- Prioritise use-cases and requirements for input into the strategy
Deliverable: Use cases and requirements defined and approved by the clients Security Design Authority
- Define approach for measuring Zero Trust maturity
- Perform assessment of existing Zero Trust maturity, and where applicable leverage existing component maturity assessments
- Define strategy for achieving the architectural objectives over a multi-year period, that takes in account the criticality of assets, existing technology footprint and plans, risk reduction, excessive implicit trust, and employee working patterns.
- Syndicate and agree strategy with key stakeholders across the program and technology organisation
Deliverable: Multi-year strategy approved by the Zero Trust Steering Committee
- Market assessment of potential vendors for execution of the initial strategy, that considers existing evaluation already performed by the clients, existing and strategic vendor relationships, and market leaders
- Define evaluation criteria and perform assessment against the clients requirements to down-select to the vendors (typically 3-4)
Deliverable: Documented assessment that can be issued to vendors for response
In summary, We need someone who has done some or all of the following:
- Developed a Reference Architecture based upon Zero Trust principles and can demonstrate a methodology to underpin this
- Developed a Zero Trust strategy and successfully positioned it at board level for the onward execution of the business
- Developed a Zero Trust methodology for the architecture of Zero Trust components such as SASE, ZTNA, Segmentation, Third Party Access etc.
Oscar Technology is acting as an Employment Business in relation to this vacancy.