Enterprise Security Architect

Job Description

SUMMARY: The Enterprise Security Architect will play an integral role in assisting in the implementation and delivery of the security strategy and technical direction applied to ensure the Bank's data and applications remain secure. The role will report to Chief Enterprise Architect and will collaborate with other Enterprise Solution Architects, Implementation Teams, and Enterprise Risk Management teams to ensure that the Bank's technology solutions conform to disciplined, industry best practices for information security.
This highly visible position will be front and center as we work to continuously modernize our solutions and change the way we apply technology across our systems. The Enterprise Security Architect must possess both a deep and wide background in information security being applied across a wide breadth of technologies spanning solutions built in the cloud (such as AWS, Azure, and GCP), on SaaS/PaaS platforms (such as SalesForce and Office 365), and modern deployments on "open" technology stacks. As a key member of the architecture team, the Enterprise Security Architect should be comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties and special projects may be assigned.

• Assists in the development and maintenance of a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
• Assists in the development of security strategy plans and roadmaps based on sound enterprise architecture practices
• Assists in the development and maintenance of security architecture artifacts (, models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
• Assists in the baselining of security configuration standards for operating systems (, OS hardening), network segmentation and identity and access management (IAM)
• Assists in the development of standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria
• Liaises with the vendor management (VM) team to conduct security assessments of prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data * Software as a service (SaaS) providers * Cloud/infrastructure as a service (IaaS) providers * Managed service providers (MSPs)
• Evaluates the statements of work (SOWs) for these providers to ensure that adequate security protections are in place. Assesses the providers' audit reports (or alternative sources) for security-related deficiencies and required "user controls" and report any findings to the Chief Enterprise Architect, CISO, and vendor management teams
• Collaborates with other security architects and security practitioners to share best practices and insights
• Collaborates with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs
• Participates in application and infrastructure projects to provide security-planning advice
• Collaborates with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls
• Validates IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
• Coordinates with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO
• Coordinates with the CDO and Information Security to document data flows of sensitive information in the organization (, PII or ePHI) and recommend controls to ensure that this data is adequately secured (, encryption and tokenization)
• Reviews security technologies, tools and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics
• Gather and analyze requirements from product owners
• Lead and mentor other team members
• Foster development best practices within the team
• Identify and drive process improvements
• Facilitate communication with cross-functional groups
• Work with the product organization to develop secure business requirements, develop the security architecture and integrate into the Bank's long term platform strategy
• Stay up to date on new tools & techniques in the information security space
• Conduct proof of concept activities with key business users in support of advanced use cases
• Adheres to and complies with applicable, federal and state laws, regulations and guidance, including those related to anti-money laundering ( Bank Secrecy Act, US PATRIOT Act, etc.).
• Adheres to Bank policies and procedures and completes required training.
• Identifies and reports suspicious activity.

EDUCATION College degree or equivalent management/work experience (At least 10 years), which includes practical experience in Information Technology and IT Security Minimum 4 years' experience with cloud-based enterprise infrastructure architecture and/or operations required.
EXPERIENCE

• Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF
• Direct, hands-on experience or strong working knowledge of managing security infrastructure -- eg, firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology
• 3+ years experience - AWS cloud experience
• 3+ years experience - Cloud security architecture experience
• Working knowledge of AWS cloud and 3rd party security controls and constructs: Experience with SIEM monitoring & logging tools and architectures (Splunk, Sumo Logic, etc)Experience with continuous cloud compliance tools and supporting architectures such as Redlock, Dome9, etcExperience with AWS IAM (roles, permissions, etc)Experience with AWS Certificate Manager (ACM) (for security certificate issuance, etc)Experience with AWS WAF and external (Internet) facing systems security patternsExperience with AWS encryption across various storage mediums (S3, EBS, etc)Experience with AWS Organizations and SCP policy conceptsExperience with 3rd party cloud network security tools such as Palo Alto firewallsExperience with AWS native cloud network & security constructs such as security groups, NACLs, etc
• AWS network experience (multi-AZ VPC, multi-region accounts, etc)
• Experience with data loss prevention methodologies/technologies in a cloud environment
• Experience reviewing application code for security vulnerabilities
• Direct, hands-on experience or a strong working knowledge of vulnerability management tools
• Experience designing the deployment of applications and infrastructure into public cloud services
• Direct experience designing IAM technologies and services: Active DirectoryLightweight Directory Access Protocol (LDAP)Amazon Web Service (AWS) IAM
• Strong working knowledge of IT service management (eg, ITIL-related disciplines): Change managementConfiguration managementAsset managementIncident managementProblem management
• Experience with the following Regulations, Standards and Frameworks: Payment Card Industry Data Security Standard (PCI-DSS)Sarbanes-OxleyGeneral Data Protection Regulation (GDPR)Privacy PracticesCSA Framework
• Strategic planning skills -- The Enterprise Security Architect must interpret business, technology and threat drivers, and develop practical security roadmaps to deal with these drivers
• Communication skills -- The Enterprise Security Architect will be required to translate complex security-related matters into business terms that are readily understood by colleagues The security architect should anticipate presenting analyses in person and in written formats
• Ability to stay composed in the face of opposition to architectural principles, governance and standards
• Ability to work independently
• Self-motivated
• Strong customer service skills