|Published||June 30, 2021|
Why you'll love this job:
Being a member of the Technology Risk Management (Information Security) office, the Security Architect is an authority with strong desire to learn and experiment with new technologies. This candidate will be responsible for providing highly sophisticated technical and analytical skills to the Technology Risk (TR), Information Security. Under the supervision of the Director of the Security Technology Team, this position will assist in the development and assessment in the areas of cloud security architectures, designs, policies, and control standards with a special emphasis on Amazon Web Services (AWS) and Microsoft Azure. Works with other senior system and application architects to ensure technical quality of sophisticated security focused work and alignment to security standards, governance, and controls practices. Incumbent should be considered a security and technical specialist in cloud and Distributed Ledger Technology (DLT) security technology, architecture, designs, systems implementation, and integration, with deep, niche knowledge of AWS, Azure, and multiple block chain protocol and networks. Conducts technical research when vital to supply to setting corporate security direction and strategy.
- Provides Cloud Security master level advice and mentorship related to all DTCC activities including Information as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) initiatives, projects, plans, and reviews with a niche focus on Amazon Web Services (AWS)
- Conduct detailed risk and security assessments for DLT solutions in scope to resolve feasibility of successful implementation
- Engage with technical teams in education /advocacy of security for proposed DLT solution. Ensure the proposed DLT solutions meets the corporate security controls and policy standards in crafting & operating the applications
- Works cross functionally to evolve DLT and cloud based DTCC products while adhering to DTCC’s Information Security Policies and Control Standards
- Provides cutting edge security mentorship and assistance to development teams using the concepts of DevSecOps
- Assists project teams during system design and project lifecycle to: define time tables and project plans, including achievement definitions and progress tracking; draft logical architectural and design models with a focus on cloud security; Consults with application development teams to resolve cloud security requirements and for planning and delivering cloud based business solutions; promote the efficient deployment of IT assets to cloud environments in a secure and policy compliant manner, ensures compliance with security policies, guidelines, standards, controls, and governance
- Participates in working groups of domain specialists for definition and review of security standards, guidelines, principles, governance, and controls
- Actively gives senior information security architectural advice to TR members, multi-functional application development teams, various councils and committees and architecture roundtable meetings
- Works closely with multiple senior security architects to ensure a shared vision across DTCC for cloud architecture and security
- Gives to overall strategy and cloud development by crafting, developing, and implementing new cloud security technologies as vital to support DTCC business and solutions
- Defines, publishes, and maintains processes for security governance (i.e. compliance to principles, guidelines, and standards)
- Coordinates the monitoring of the life cycle of specific cloud security assets
- Identifies, understands, and documents extensions to, and variants from, cloud security and architecture standards
- Mitigates risk by following established procedures, spotting key errors, and demonstrating strong ethical behavior
- Deep knowledge and experience of cloud computing infrastructure, application development methodologies, best approach, and available and emergent services in several cloud provider environments including Amazon Web Services (AWS) and Microsoft Azure
- Knowledge of various blockchain networks, token protocols, consensus algorithms, public and private key cryptography, symmetric, hash functions, encryption/signatures
- Shown knowledge of technical infrastructure, networks, databases, and systems and how they affect an organization’s cybersecurity risk
- Validated knowledge of security methodologies, policies, standards, and best plan of attack.
- Confirmed knowledge of information technology systems, infrastructure, and operations
- Ability to explain and articulate technical concepts using both technical and non-technical language
- Critical thinking and analytical skills
- Able to work closely by building consensus and influencing decision making to develop forward progress with projects and initiatives
- Strong oral and written communication skills
- Good interpersonal skills, coupled with ability to be versatile and flexible
- Sound business judgment and the ability to work optimally with all levels of management
- Experience using cryptography material such as certificates for identity management to authenticate members, transactions etc.
- Experience with Docker, Kubernetes, and other container orchestration solutions.
- Experience and/or certifications with Amazon Web Services, Google Cloud Platform, or Microsoft Azure; namely choosing platform components and assembling application and runtime architecture
- 3 or more years of hands-on experience with one or more blockchain platforms: R3 Corda, Hyperledger Fabric, DAML, Enterprise Ethereum, Hyperledger Besu
- 5 - 7 years of risk assessment experience in one or more areas: application, infrastructure, vendor risk management
- Financial Services Industry experience a plus but not required
- Proficiency with Information Risk Management standard methodologies
Education, Training and Certification:
- Minimum of 10 years of related experience
- Bachelor's degree preferred with master’s or equivalent experience
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
DTCC safeguards the financial markets and helps them run efficiently, in times of prosperity and crisis. We are uniquely positioned at the center of global trading activity, processing over 100 million financial transactions every day, pioneering industry-wide, post-trade solutions and maintaining multiple data and operating centers worldwide. From where we stand, we can anticipate the industry’s needs and we’re working to continually improve the world’s most resilient, secure and efficient market infrastructure. Our employees are driven to deliver innovative technologies that improve efficiency, lower cost and bring stability and certainty to the post-trade lifecycle.
Our work environment favors openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you’ll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It’s the chance to make a difference at a company that’s truly one of a kind.
Our Risk Management teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.
The Technology Risk Management department is responsible for setting strategic direction in the areas of IT Risk and Information Security. They are accountable for maintaining DTCC's corporate security policies and control standards and acting as an operational arm for monitoring threat intelligence.