Security Architect

Role description:

As a Security Architect focusing on Realtime Platforms team, your primary responsibility will be to ensure robust security controls across hybrid and multi-cloud environments, aligning with regulatory and compliance requirements. This role requires deep expertise in service mesh technologies and IBM Data Power for API security and integration.

• Develop and maintain security architecture for service mesh deployments across Kubernetes and containerized environments.
• Conduct thorough risk assessments to identify potential security threats and develop mitigation strategies.
• Create comprehensive threat models aligning with MITRE ATTACK & STRIDE frameworks.
• Recommend the best controls & mitigations to potential vulnerabilities
• Design/Review secure API gateways and integration patterns using IBM Data Power appliances.
• Define and enforce security policies, standards, and best practices for microservices, APIs, and data flows, ensuring Ensure compliance with financial regulations (e.g., PCI DSS, ISO 27001, GDPR).
• Implement mTLS, RBAC, and zero-trust principles within service mesh frameworks.
• Configure and manage Data Power for API security, encryption, authentication (OAuth 2.0, JWT, WS-Security), and traffic mediation.
• Collaborate with cross-functional teams to integrate security measures seamlessly with downstream systems
• Communicate security risks and strategies effectively to stakeholders, including executive leadership and IT teams.

• Proven experience as a Security Architect working in a large, complex organization. Ideally, this experience would be within a financially regulated enterprise (e.g., PCI compliance).
• Hands-on experience with IBM Data Power for API security, integration, and policy enforcement.
• Familiarity with OAuth 2.0, JWT, TLS, WS-Security, and encryption standards.
• Previous relevant experience in developing bespoke Threat Models leveraging frameworks like MITRE ATTACK & STRIDE
• Proven ability to design secure architectures for hybrid/multi-cloud environments
• Experience with zero-trust security models and microservices security.
• Be able to understand and assess the security elements of technical designs / solutions and have a proven ability to constructively challenge to deliver better business and security outcomes.
• Good knowledge of cryptography
• Previous experience of working in UK Financial Services or similar highly regulated industry.
• Have a relevant professional qualification (or be working towards certification), such as CISM / CISSP.
• Familiarity with M&A processes and the unique security challenges they present.
• Proficiency in CI/CD automation tools (Terraform, Ansible, Git, Jenkins).
• Knowledge / experience of PCI-DSS, including PCI-P qualification.
• Knowledge / experience of Data privacy and GDPR;
• Experience with regulatory compliance frameworks specific to financial organizations.
• Excellent interpersonal and communication skills.