Job Specifications
Security Architecture - Secure Design Team
Role: Manager - Principal Security Architect: Secure Design (Individual Contributor)
Grade: GG14
The Security Architecture Design team is responsible for developing Security Architecture patterns, developing security controls needed for new technology, promoting the use of the architectural patterns in development projects, leading the Security Architecture Design Forum, evaluating architectural security risks in existing systems, and consulting with system development teams and architects on building security into their design.
The key task of this role is accelerating the delivery of secure design artefacts and leading secure design interventions - by adding capacity and capability to the team.
Reports to: Senior Manager - Secure Design
Key Relationships
Business Aligned Principal Security Architects
CyberSecurity Engineering
CyberSecurity Testing and Vulnerability Management
Cloud Security
Identity Management
Security Architecture Design Forum (member)
Project teams
BISOs
Key Responsibilities
Develop Security Architecture Design Patterns and Standards to comply with group security requirements, industry standards, customer requirements, regulatory requirements and good practices.
Assist the development of and champion a Security Architecture control framework.
Research, design and document the security posture requirements and controls of new technology introduced into the Group. Engage with technology acquisition processes to ensure all new technology introduced is evaluated.
Research industry trends and regulatory requirements.
Lead the Security Architecture evaluation of risks identified in systems, including reviewing and proposing tactical and strategic remediation plans, and evaluating the cost / risk benefits of remediations.
Actively contribute to the adoption of secure by design practices, with technical delivery teams for both existing systems and new systems, e.g. use of internal or external guidance, leading Threat Modelling activity.
Nurture the use of secure technical practices to deliver technical excellence.
Support experimentation and innovation in solving problems
Supervise third parties in their deliveries related to the domain area
Provide company representation, internally and externally, related to information security, as needed.
Contribute to the development of metrics and their monitoring to report the effectiveness and efficiency of the Security Architecture function.
Contribute to the content and management of the Security Architecture intranet presence.
Team Responsibilities
Guiding and mentoring other team members as required
Deputising for Senior Manager - Secure Design when required
Critical Deliverables
Developing and prioritising the security design pattern library
Developing and delivering the security design patterns - individually or in conjunction with other teams, as necessary
Working with the neighbouring security teams and delivery projects to address emerging areas of secure design guidance and interventions
Developing security architecture interventions in business-specific processes for acquiring and developing new technology
Contributing to the development and reporting of metrics for the Secure Design team, within the broader Security Architecture function
Impact
This is a group-wide role which is key to effective and efficient management of security risks associated with business technology systems.
The success of the post holder will be in balancing the major aspects of the role:
the ability to work effectively and pragmatically with project teams, to drive secure by design outcomes, while enabling projects to deliver.
developing or refreshing security architectural collateral - based on the planned and emerging needs of the business
during project delivery, identifying gaps in security architecture collateral to be added to the security design pattern library
Key Performance Indicators
Delivery of design patterns (timeframe from development initiation to substantive draft, through to general availability)
Successful outcomes from security architectural interventions with delivery projects
Functional Knowledge And Experience
7+ years of increasing responsibility in technical engineering or information security roles, security architecture preferred.
Experience of enterprise architecture frameworks and their application
Experience in threat modelling / design pattern development
Proven experience in designing and applying security controls in distributed systems (on premises and cloud)
Thorough understanding of the latest security principles, techniques and protocols
Critical, independent thinking
Problem-solving skills, ability to work under pressure, and a self-starter
Deep understanding of both common and emerging vulnerabilities including their manifestation in different architectures (web applications, thick clients, APIs, networked infrastructure etc)
Familiarity with industry standard guidanc
About the Company
LSEG (London Stock Exchange Group) is a diversified international markets infrastructure business, earning our clients’ trust for over 300 years. That legacy of customer-focused excellence ensures that you can rely on our expertise in capital formation, intellectual property and risk and balance sheet management.
As global leaders in financial indexing, benchmarking and analytic services, we offer unrivalled access to international capital markets. Our high-performance technology solutions enable companies worldwide to acc...