Senior Cyber Security Architect - Director

Job Level:  Director
Job Function:  Business Resilience & Security
Location: New York, NY, US, 10172

Employment Type:  Full Time
Requisition ID:  5680

 SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

 

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

 

The anticipated salary range for this role is between $203,000.00 and $230,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.

Role Description

The Senior Security Architect is a part of the Solutions Security Architecture team within the Information Security Group and is responsible for strategizing, researching, evaluating, designing, and implementing security solutions for the organization by acting as a lead and managing other security architects as required. The role emphasizes the following areas: Security Architecture and Design, Network and Infrastructure Security, Cryptography and Key Management, Vulnerability and Threat Management, Security Standards and Technical Procedures, Compliance, Risk Assessments, Security Monitoring and Incident Response, Network Segmentation, and Zero-Trust.

Role Objectives: Delivery

The Senior Security Architect collaborates with other members of the Information Security team, Enterprise Architecture and Engineering teams, Systems Administration, Group Companies, Internal Audit, Compliance, the Fraud team, and other areas of the business.

This role will focus on developing security strategies, researching and evaluating new technologies and capabilities, and designing and implementing practical solutions to secure the Bank's internal and external infrastructure, networks, perimeters, cloud tenants, and other platforms and service providers. This includes assessing any new technologies and services being considered for use by the bank.

A core competency for this role is to help define future state security strategies and roadmaps for the bank and its subsidiaries. This includes advancing security controls maturity by adhering to established frameworks and technologies that protect the bank's IT infrastructure and business assets from cyber threats and comply with relevant regulatory requirements.

The Senior Security Architect will also play a key role in defining and advancing the bank's Zero-Trust security strategy. This involves participating in a global zero-trust assessment effort, the development of a long-term zero-trust roadmap, and establishment of an official ZTA program. This effort will also involve designing and implementing solutions that align with ZTA and assume no implicit trust for users, devices, applications, and network flows.  

The sole purpose of the Solutions Security Architecture team is to ensure that "security" is embedded in all system architectures and solutions, and that they align with business goals while proactively reducing risk and enabling secure business operations. This role reports to the Director of Solutions Security Architecture and could have direct reports depending on a need to provide leadership to other individual contributors.

Role Objectives: Interpersonal

Primary Responsibilities

  • Security Architecture emerging technology research, design, evaluation, analysis, and implementation.
  • Develop future-state security strategies and roadmaps.
  • Focus on Solutions Security Architecture as it relates to cyber threat visibility, detection, prevention, and analysis.
  • The development of Information Security technical standards, procedures, and guidelines.
  • Provide support for penetration testing activities, reporting, and issue resolution as it pertains to mitigating risk.
  • Liaise with global colleagues on the development of new designs and standards.
  • Work with various project teams to design and implement secure security solutions.
  • Evaluate and certify new technologies or new versions of existing security controls and products.
  • Integrate and operationalize new products into all areas of the infrastructure.
  • Act as a liaison and escalation point to our partners and vendors to help resolve any complex issues.
  • Write and maintain technical documentation, including design documents (project charters, IT requirements, RACI), test/project support plans, procedures, incident reports, operational runbooks, and troubleshooting guidelines.
  • Be involved in all aspects of planning new projects and proposals, and support the budget and procurement process, tools rationalization, and resource planning.
  • Support the Architecture Guidelines Compliance function, to ensure all new applications and services are successfully risk assessed and follow security standards across the organization.
  • Manage other security architect resources who are focused on solutions security, which includes any solution or service which provides network visibility, detection, prevention, and analysis of threats to the bank.
  • Provide support for internal and external audits, regulatory demands, and assist the GRC team as a subject matter expert with risk acceptances, issues reporting, and anything else that aligns with the function of risk analysis and mitigation.
  • Support of the e-Vision program, where the main focus is to provide the SOC with the proper tooling required to maintain robust visibility, monitoring, and incident response platforms.
  • Level-4 escalation as required for significant security exploits and mitigation.

Role Objectives: Expertise

CRITICAL JOB KNOWLEDGE AND CORE COMPETENCIES/SKILLS

  • Security Architecture as it relates to reference architectures, design reviews/assessments, and alignment with secure frameworks.
  • In-depth knowledge of cybersecurity topologies, concepts, services, technologies, attack vectors, threat management, solutions architecture and operating systems.
  • In-depth understanding of topics related to Zero-Trust, segmentation, network security, secure use of cloud services, perimeter design, assessing risk, cryptography/encryption, secure remote access, secure protocols, intrusion prevention/detection, NDR, incident response, NGFW, EDR/XDR, SOAR, machine learning, behavioral analysis, AI, vulnerability management, and SIEM.
  • Thorough understanding and knowledge of security architecture concepts and process relative to properly evaluating, designing, implementing, and operationalizing new technologies, services, and solutions.
  • Sound knowledge of preventative and mitigating security techniques to protect against threats and emerging attacks, including the use of security frameworks such as NIST, MITRE, OWASP, and FFIEC.
  • Ability to translate security policies, standards, and procedures into technical architectures and/or configuration settings for the purpose of designing secure and practical solutions.
  • Highly developed sense of accountability and following through with discipline to effectively prioritize multiple tasks within the context of conflicting deadlines and changing priorities.
  • Ability to raise awareness and issues to executive leadership, engage leaders and stakeholders in understanding their roles in delivering enterprise Change, Configuration and Release Management processes.
  • Strong organizational, problem-solving, and written and oral communication skills.
  • Ability to work independently and with a team to accomplish multiple tasks and projects.
  • Understanding of the ITSM process and use of tools like ServiceNow to help manage projects, resources, tickets, shared services, and incidents.
  • Ability to effectively manage other security architects and provide direction, mentorship, and the establishment of goals to define expected outcomes.
  • Experience with integrating vendor products into a complex corporate IT banking environment and the ability to properly transition to an operational state.
  • Strong understanding of operating systems, insider risk, vulnerability assessments, understanding penetration test results, threat analysis/interpretation, SIEM, IR, LAAS, Zero-Trust, network/micro segmentation, use of AI/ML/Behavioral Analytics tooling, and securing Cloud tenant environments.

Qualifications and Skills

10+ years of specialized experience in cybersecurity and the various competencies listed within this job description.

10-15 years of experience in secure computing or related area with an emphasis on network security, segmentation, and Zero-Trust Architecture.

Additional Requirements

Education

Required: BA / BS or equivalent

Preferred: Computer Science or Computer Software Engineering degree or equivalent training.

Licenses / Certifications / Registrations:

Training and security certification - such as the CISSP, ISC2 specialization, or ISACA.

CEH or other security-related certifications are a plus.

Other:

Familiar with AI technology & terminology, NIST/OWASP guidelines, FS-ISAC, NYDFS/FRB regulations, encryption technologies, TCP/IP and secure protocols, working knowledge of Visio, Word, Excel, PowerPoint, ServiceNow, Coupa, Confluence, wikis, and understanding project management methodology is a bonus.

SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

 

SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.


Nearest Major Market: New York City