Industry: Other Area(s)
Job Number: 435
Pay Rate: 240,000
The Principal Security Architect provides leadership on security subject matter through design & delivery of infrastructure solution architectures and development of standards and reference architectures.
The Principal Security Architect will add experience and extensive knowledge on multiple technologies and solutions to the team’s collective skills and expertise to further enhance the ability to provide secure technical design recommendations targeting the delivery of business value through successful project and program delivery.
The Principal Security Architect position will participate in all functions related to establishment of Security Architecture, including infrastructure security strategy and roadmap planning, acting as a senior security consultant to the business and IT Infrastructure teams, and help facilitate demand management.
This role requires technical expertise in multiple disciplines within Security, including application security, networking, virtualization, data loss prevention (DLP), vulnerability management, IPS/IDS, HIDS, cloud computing (AWS & Azure), and databases, as well as a comprehensive understanding of security and regulatory frameworks (NIST, ISO, HIPAA, etc.) and exposure to security technologies (SIEM, User Behavior Analytics, cloud security, application security, WAF, etc.).
In addition to a strong technical skill set, the role will require mentorship, design guidance, and consultation to drive change and support the evolution of the Technology Security Program. As a knowledge leader on the Technology Security Team, the incumbent is expected to remain engaged with and support other leaders across Business and Information Technology to ensure the timely delivery of security and business solutions.
- Actively lead the creation and updating of standards and reference architectures. These reference architectures will provide direction and guidance on proper compliance with defined standards while ensuring that secure infrastructure solutions are deployed.
- Responsible for leading infrastructure assessments, making decisions on threat modeling and proper security service design and implementation.
- Communicate and collaborate with cross-functional peers outside of Information Technology, including second-line Risk, Enterprise Risk Management, Third Party Risk Management, Procurement, and business unit leadership.
- Drive objectivity and build consensus among internal and external stakeholders with widely divergent perspectives and motivators.
- Interact with industry peers from other financial institutions, research organizations, solution providers, etc.
- Lead the planning/remediation of assessment, audit, and risk findings.
- Participate in and contribute to key projects and initiatives across the enterprise as well as groups including but not limited to: Architecture Review Board, Security Review Board, and Change Review Boards.
- Prepare reports for senior management including presentations, metrics, and other documentation required to communicate status and maturity of the Technology Security Program.
- Participate in the development of the security roadmap and communicate the Technology Security vision to business partners and IT staff.
- Act as an advocate for security and lead efforts to promote security awareness at all levels of the organization.
- Monitor and enhance secure architecture standards within the TDLC process and Security Review Boards.
- Identify and establish core architectural principles to enhance the security of services and solutions being delivered.
- Support larger architectural projects while leading internal projects.
- Provide consultation on secure infrastructure design.
- This role will influence and regularly collaborate with various peers via steering committees, standards and policy teams that influence the creation and maturing of security policies, standards, and reference architectures.
Experience with security designs and controls in Amazon Web Services, Microsoft Azure and virtualized environments is considered highly desirable.
While this role is an individual contributor, prior experience leading groups of architects and engineers on large projects is also highly desirable.
Minimum certification: must hold a current CISSP or CISM.
Desirable to hold CCSP or equivalent.
Minimum 5 years’ experience as a security architect and 12 years combined technology experience.
Bachelor’s degree in a technical field and/or equivalent work experience.