Principal Security Architect

Principal Security Architects serve as the key point of contact between the Security Architecture team, and CIO technology teams. Each business unit has a Principal Security Architect aligned to that CIO.

The Principal Security Architect works with their aligned business unit, ensuring the security posture of new systems and significant change to existing systems; Proactively working with the head of architecture to ensure security is built into the design of systems; Representing cyber security at Architecture Governance Boards for their business unit; Working with the aligned BISO to endure security risks and requirements are understood.

Key responsibilities:
Represent Security Architecture, and the wider CISO function, in the divisional technology team.
Ensure that all new systems (and significant changes to existing systems) have been reviewed to ensure appropriate security controls are in place
Be a member of the divisional architecture function, and lead security initiatives in that function.
Represent the CISO team in the Architecture Review Boards.
Ensure Security Architecture Reviews are built into the division’s technology acquisition and delivery processes / software development lifecycle processes / architecture governance processes
Collaborating with the wider Cyber Security team to develop the teams controls, processes and frameworks.
Advocate into the central Security Architecture team and broader CISO function, on behalf of their aligned business unit.
Attend and contribute to relevant design forums.
Suggesting and developing security architecture design patterns and guidance.
Nurture and ensure technical practices are implemented to support delivering technical excellence.
Champion and support experimentation and innovation in solving problems.
Provide company representation, internally and externally, related to information security, as needed.
Establish metrics and monitoring to report the effectiveness and efficiency of the Security Architecture function.

Leadership responsibilities:
Although this is an individual contributor role, this is also a technical leadership role, with responsibility of leading the adoption of the cyber security program into the business unit, alongside the BISO.

Key activities:
Providing security architecture and design consulting to business units.

Delivering security reviews for all relevant projects in the division.

Ensuring Security Architecture Review is built into divisional processes for acquiring and developing new technology, including developing any needed processes.

Provide expert guidance the business unit and BISO teams on technical risks and issues.

Impact:
This is a broad technology role which is highly important to the management of security risks associated with business technology systems in that division.

In addition the role holder will provide input int group-wide security patterns, frameworks and processes.

The role is key to addressing regulatory concerns for all of our regulated entities related to cyber security and cyber resilience.

As well as being key to securing the groups systems, this role also delivers the ability to demonstrate to regulators, auditors and internal control functions that security is being delivered.

Technical / job functional knowledge:
Required:
Extensive experience in technical engineering or information security roles, security architecture preferred

Familiar threat modelling techniques.
Detailed understanding of the latest security principles, attack techniques and protocols

Hands-on experience of designing and implementing systems in public-cloud computing (Azure, AWS, GCP, IaaS, PaaS, Containers).

A solid understanding of identity and access control systems (e.g. Microsoft Active Directory, Entra ID, Okta, Forgerock, Ping Identity, etc).

Experience of architecting security into customer facing, transactional systems (e.g. banking, trading, e-commerce).

Working knowledge of the OWASP Top 10, SANS Top 25, NIST, NCSC, CIS controls.
Applied understanding of topics such as authentication, access control, encryption, cloud security, operating system security, network security, database security.

Critical thinker
Problem solving skills and the ability to handle a varied workload and take ownership for activities.

Preferred:
Experience and/or interest in developing experience in new and emerging technologies and their security impact, such as generative artificial intelligence, machine learning, digital ledgers, quantum computing and data platforms.

Experience in architecting or operating high-performance and/or low-latency computer systems.

Experience in the use and implementation enterprise architecture frameworks.

Business and sector expertise:
Preferred prior experience in the financial services, a regulated environment or technology sector.


Leadership and management experience:
Must have a collaborative work style ensuring that stakeholders are engaged in decision making proces