Principal Security Architect

Principal Security Architects serve as the key point of contact between the Security Architecture team, and CIO technology teams. Each business unit has a Principal Security Architect aligned to that CIO.

The Principal Security Architect works with the aligned business unit, ensuring the security posture of new systems and significant change to existing systems; Proactively working with the head of architecture to ensure security is built into the design of systems; Representing cyber security at Architecture Governance Boards for their business unit; Working with the aligned BISO to endure security risks and requirements are understood.

Key responsibilities:
Represent Security Architecture, and the wider CISO function, in the divisional technology team.

Ensure that all new systems (and significant changes to existing systems) have been reviewed to ensure appropriate security controls are in place

Be a member of the divisional architecture function, and lead security initiatives in that function.

Represent the CISO team in the Architecture Review Boards.

Ensure Security Architecture Reviews are built into the division’s technology acquisition and delivery processes / software development lifecycle processes / architecture governance processes

Collaborating with the wider Cyber Security team to develop the teams processes and frameworks.

Advocate into the central Security Architecture team and broader CISO function, on behalf of their business unit.

Attend and contribute to relevant design forums

Suggesting and developing security architecture design patterns

Nurture and ensure technical practices are implemented to support delivering technical excellence.

Foster and support experimentation and innovation in solving problems

Provides company representation, internally and externally, related to information security, as needed.

Establishes metrics and monitoring to report the effectiveness and efficiency of the Security Architecture function.

Leadership responsibilities:
Although this is a single contributor role, this is also a Leadership role, with responsibility of leading the adoption of the security program into the business unit, alongside the BISO.

Key activities:
Delivering security reviews for all relevant projects in the division.

Providing security consulting to the division.

Ensuring Security Architecture Review is built into divisional processes for acquiring and developing new technology, including developing any needed processes.

Impact:
This is a broad technology role which is highly important to the management of security risks associated with business technology systems in that division.

In addition the role holder will provide input int group-wide security patterns, frameworks and processes.

The role is key to addressing regulatory concerns for all of our regulated entities related to cyber security and cyber resilience.

As well as being key to securing the groups systems, this role also delivers the ability to demonstrate to regulators, auditors and internal control functions that security is being delivered.

Technical / job functional knowledge:
Extensive experience in technical engineering or information security roles, security architecture preferred.

Experience in enterprise architecture frameworks

Experience in thread modelling / deign patterns

Detailed understanding of the latest security principles, techniques and protocols

Critical thinker

Problem solving skills, ability to handle a varied workload and take ownership for activities

Familiarity with OWASP Top 10, SANS Top 25, NIST / CSC, CIS etc.

Applied understanding of topics such as authentication, access control, encryption, cloud security, operating system security, network security, database security.

Business and sector expertise:
Preferred prior experience in the financial services, a regulated environment or technology sector.


Leadership and management experience:
Must have a collaborative work style ensuring that stakeholders are engaged in decision making processes.

Highly adaptable and able to approach challenges differently in order to achieve goals.

Experience in bringing in third party consultants / scale out resource preferred.

Personal skills and capabilities:
Must take ownership of tasks and demonstrate high degree of automatic responsibility to ensure completion.

Must be personable and foster good team deliverable output and good team morale.

Must possess clear oral and written communication skills and be able to clearly articulate complex concepts to a broad audience.

Must have ability to successfully work as a part of a globally disparate team as well as work independently.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excelle