Job Description
The Security Architect must gain understanding of the organization’s technology and information systems, and define the architectural description, embed security-by-design requirements and controls to the IT infrastructure, software, processes and operations.
Roles and Responsibilities
- Plan, research, and design flexible and robust security architectures for all bank projects and initiatives, detailing security controls and protection mechanisms.
- Partner with Solutions Architects, domain architects, business, and product teams to integrate security seamlessly into solution designs.
- Perform security design reviews, lead threat modeling exercises, identify security architecture gaps, and develop actionable security risk management plans.
- Continuously review current system security across IT infrastructure, networks, APIs, and software applications, recommending and implementing strategic enhancements.
- Conduct thorough technical design studies, reviews, and evaluations of applications prior to deployment to ensure security requirements are met.
- Evaluate security architecture and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents.
- Research on the latest security standards and ensures that acquired or developed systems and architecture are consistent with cybersecurity architecture standards
- Perform other duties that are required of and related to the core functions of a Security Architect.
Qualifications
- Graduate of a bachelor’s degree
- Experience in a wide range of security technologies, cloud platforms, API, and DevSecOps
- Demonstrated experience (at least 2-5 years) in security design and architecting, security engineering, with strong background (and proven record) in designing, implementing, and integrating security solutions and technologies. With a minimum of 2-3years in a leadership or senior role.
- Proficient in security and network infrastructure, design and operations, software development security practices (i.e., OWASP), API-design, microservices, vulnerability management, penetration testing, and threat modeling
- Proficient in full lifecycle secure system development, from concept to implementation and support
- Preferred certifications: CISSP, CISM, CCSP, Cloud-related certifications, and other IT and risk related certifications
- Proficient in information security, cybersecurity and data privacy principles and standards (NIST, CIS Controls, ISO 27001:2013, PCI DSS v. 3.2, and similar standards)
- Strong leadership and ability to motivate a team and work independently with peers across various levels of management, and multiple priorities in a fast-paced and dynamic environment.
- Analytical/Critical thinking and problem-solving skills with strong attention to accuracy and detail
- Effective written and oral communication skills for engaging with senior stakeholders and cross-functional teams