Principal Security Architect

Purpose of the Role

Working with the Head of Security Strategy & Architecture, the Lead Security Architect will own, develop and mature the security architecture framework and ensure it is effectively embedded within the Groups change and delivery methods. They will also run the demand pipeline into the team and lead all aspects of the engagements and work of a skilled team of security architects, who are working on the security architecture and design elements of a diverse range of change initiatives within the group. They will also be required to act as an advocate for security architecture and provide architectural leadership, collaborating with other senior architecture leads across the group to do so. The role holder will be key to our ambition to embed security by design effectively within the organisation successfully, in support of our business goals.

Key Accountabilities

• Own and lead the security architecture framework and ensure it operates optimally. Drive incremental maturity of associated processes and artefacts and implement ways to measure effectiveness.
• Take main responsibility for maturing the security architecture capability of the group, and play a supporting role for maturing other key security domains
• Provide architectural leadership for information security across the architectural community within the group
• Contribute to the creation of various target architectures and to the subsequent project planning and execution to achieve these targets
• Build and maintain required security patterns and a security reference architecture
• Lead the development and execution of architecture and engineering strategies to continuously improve our security posture as the threat landscape evolves
• Partner with business partners and technical teams to craft, integrate, test, and deploy security solutions. This includes system-level architecture and design, risk assessments, and definition of technical security controls vital to achieve security requirements
• Provide thought leadership on Cyber and Cyber Risk, and contribute to the review and development of the cyber strategy
• Provide leadership to a team of architects, designers and engineers
• Oversee the demand pipeline of requests for security architecture engagement, and capacity within the team

What is the opportunity?

This is an opportunity to play a senior and key role in the evolution of security architecture within the company. We’re serious about security by design, and we’re looking for someone to join us to drive this agenda over the coming years, and to act as a champion for change and transformation.

Essential Qualifications

• 3rd level degree in a computing or other technical discipline, or equivalent experience.
• SABSA SCF, TOGAF or other relevant architecture qualification.

Essential Skills & Experience

• Network architecture, Cloud security architecture.
• Demonstrable experience in leading the Security Architecture & Design agenda in large organisations, preferably within the financial services industry.
• Demonstrable management experience and ability to lead technical teams.
• Proven competency in critical thinking and leadership.
• Ability to work in a dynamic, fast paced environment with limited direction and change oriented where the individual actively defines process improvements, champions and inspires change initiatives, confronts difficult circumstances in creative ways, balances multiple competing priorities and executes accordingly.

Desirable Qualifications, Skills & Experience

• SANS or any other equivalent security certifications. Networking certifications (e.g. CCNA) would also be desirable but not essential.
• CRISC, CISM, CCSP, CCSK. AWS Certified Solutions Architect (or Azure equivalent).
• Application Security – architecture, development, secure coding practices.
• Experience with software development methodologies such as waterfall, Agile, DevSecOps. NIST CSF, IRAM2, Threat Modelling.