Security Architect

Summary

The Security Architect has primary responsibility for leading the Security Engineering and Architecture function within the Bank’s Information Security team. The individual will develop and maintain the security architecture framework and strategy in accordance with the Bank’s policies, standards, and risk appetite. They will collaborate with business units, Risk Management, and Technology teams to ensure security is integrated with business and technology strategies and objectives.

Security Design, Architecture, and Strategy

• Lead the Bank’s Security Engineering and Architecture function.
• Develop and maintain the security architecture framework, standards, policies, and guidelines for the Bank’s IT systems and applications.
• Drive the Bank’s security architecture strategy ensuring adherence to principles of defense in depth, economy of mechanism, least privilege, and secure by default.
• Collaborate with business units, Risk Management, and Technology teams to align security architecture with the business and technology strategies and objectives.
• Provide security consulting on projects for internal clients to ensure conformity with corporate information security policy and standards.

Risk Assessment, Mitigation, and Threat Modeling

• Maintain an evolving picture of the threat landscape, trends, and emerging technologies.
• Perform security reviews of technology platforms and applications.
• Identify and evaluate security risks across technology and vendor platforms, networks, applications, and cloud environments by performing risk assessment and threat modeling activities.
• Develop and oversee execution of treatment plans to address identified risks in accordance with organizational policies, standards, and risk appetite balancing security, performance, and business needs.
• Analyze and recommend security controls and procedures in acquisition, development, and change management lifecycle of information systems, and monitor for compliance.
• Lead the assessment of security processes, platforms, and practices to identify areas for improvement.
• Ensure technology solutions have security considerations embedded throughout their lifecycle.
• Ensure ongoing compliance with regulatory requirements.

Project Management

• Lead in the management and execution of large-scale projects according to project management schedules.
• Develop comprehensive project plans including milestones, resource allocation, and timelines ensuring alignment with the Bank’s security objectives.
• Coordinate with internal and external stakeholders as required to ensure on-time and on-budget delivery of projects.
• Oversee the implementation and integration of security technologies and processes.

Support Incident Response Inquiries

• Support incident response efforts by reviewing security events and escalations, performing investigations, and seeing matters through to resolution.
• Support technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies.
• Collaborate with technology and business organizations as appropriate.

Professional Development

• Stay abreast of relevant industry related developments, trends, and threats.
• Commit to ongoing professional education and development in the Information / Cyber Security field.
• Provide technical and strategic direction and mentorship to team members.

Other Responsibilities

• Performs other job-related duties as assigned.

• Bachelor’s degree in an IT related discipline required;
• At least 5–8 years of experience in information technology, information security, risk, or similar field;
• 5+ years of experience in an information security role;
• 5+ years of architecture experience;
• Experience in a highly regulated industries is preferred;
• Relevant industry certifications (CCSP, CISM, CAASP+, SSCP, CNDA, CYSA+) and/or advanced degrees may be considered in lieu of experience;
• Deep expertise in secure design and architecture principles;
• Advanced knowledge of multiple security practice areas including security architecture, security engineering, identity and access management, asset management, vulnerability management, threat…