Security Architect

Job Title : Security Architect

Location: Pune

About Barclays

Barclays is a British universal bank. We are diversified by business, by different types of customers and clients, and by geography. Our businesses include consumer banking and payments operations around the world, as well as a top-tier, full service, global corporate and investment bank, all of which are supported by our service company which provides technology, operations and functional services across the Group.

Risk and Control Objective

Take ownership for managing risk and strengthening controls in relation to the work you do

Working Flexibly

Hybrid Working

Remote role:
At Barclays, we offer a hybrid working experience that blends the positives of working alongside colleagues at our onsite locations, together with working from home. We have a structured approach to hybrid working meaning that colleagues work at an onsite location on fixed, ‘anchor’, days of the week, for a minimum of two days a week or more, as set by the business area (or nearest equivalent if working part-time hours).

Introduction:
As a member of the Security Architecture, Cloud & Innovation team, a Security Architect focusses on the global technology estate, ensuring that the estate is designed and built to appropriate levels of security, through production and maintenance of security reference architectures, patterns and principles.

What will you be doing?
- Work in a highly collaborative team to solve complex business needs in secure ways.
- Focus on Secure by Design to guide the organisation to the right balance of operational & secure approaches.
- Use your experience & ability to quickly learn about new technologies to define secure approaches to enterprise-wide challenges
- Shape strategy and drive consistent implementations that enable the business to pursue their digital and cloud agenda, securely.
- Work alongside the bank’s broader security teams, assisting in the development of relevant plans and roadmaps.
- Liaise with teams across Barclays for impacted/proposed services to ensure security, risk and regulatory requirements are met.
- Define security reference architectures, which define global security capability strategy for the organisation, ensuring that these align with enterprise strategy and goals.
- Provide security input and/or run security product assessments and RFPs.
- Guide the implementation approach for the implementation of new core security tooling
- Assess whether new products and solutions align with Enterprise Architecture mandates, business strategy, security strategy

What we’re looking for:

- Experience in defining security reference architectures and security integration patterns.
- Identifying gaps within the Bank’s security posture and evolving these into strategic funded deliverables.
- Ability to define security principles and requirements aligning back to reference architectures.
- Exposure to conducting security based assessments of products and services for RFIs/RFPs.
- Ability to define product strategies and roadmaps, ensuring alignment with Enterprise strategy.
- Working collaboratively with colleagues to scope and define strategic aims for security projects, programmes and portfolios of activity.
- Experience in providing technical guidance and direction across a portfolio of work.
- Minimum educational qualification - Graduate/ Postgraduate

Skills that will help you in the role:

- A willingness to learn new technologies/skills, an ability to fuse together different priorities and the interpersonal skills to manage key stakeholders. You don’t need to be an expert in all aspects of the following, but will be expected to operate within this context.
- A strong understanding / experience of, security strategies and technologies in a large Enterprise (preferably in the financial sector).
- Exposure to modern, large scale architecture patterns.
- Ability to work alongside a DevOps operating model and associated tools (e.g. JIRA)
- Ability to identify Threat Vectors in enterprise or cloud environments and design associated security/controls.
- Knowledge of Enterprise security frameworks such as NIST Cybersecurity Framework.
- Knowledge of Cyber-attack phases (e.g. Cyber Kill Chain and/or Mitre Att&ck Framework).
- Knowledge of a broad range of security capabilities, technologies and concepts (e.g. cryptography, data security, network security, endpoint security, security penetration testing, identity and access management, vulnerability management etc).
- Understanding of the interplay between cyber security risk factors, regulatory requirements and changing technology landscape for the financial services sector.
- Knowledge of risk management processes (e.g. methods for assessing and mitigating risk).
- Skill in designing countermeasures to identified security risks.
- Knowledge of cybersecurity and privacy principles and organisational requirements (relevant to confidentiality, integrity and availability