Skills

Leadership Problem Solving Cloud Security Monitoring Research Architecture Security Architecture Enterprise Architecture

Job Specifications

Security Architecture – Secure Design Team

Role: Senior Manager – Secure Design (People Leader)

Grade: GG14

Security Architecture Design team is responsible for developing Security Architecture patterns; developing security controls needed for new technology; promoting the use of the architectural patterns into development projects; Leading the Security Architecture Design Forum; Evaluating architectural security risks in existing systems; Consulting with system development teams and architects on building security into their design.

This role has responsibility for building and setting the direction of the team, and for the teams output.

Reports to: Director - Security Architecture

Key relationships & committees

Security Domain Forum (chair)
CTO / Architecture Governance
Business Aligned Principal Security Architects
CyberSecurity Engineering
CyberSecurity Application Security Team
Cloud Security Architecture

Key Responsibilities

Lead and manage the Security Architecture - Design team – a team of technical professionals.
Chair the Security Architecture Design Forum
Design and publish Security Architecture Design Patterns and Standards to comply with group security requirements, industry standards, customer requirements regulatory requirements and best practices.
Own, develop and champion a Security Architecture control framework.
Research, design and document the security posture requirements and controls of new technology introduced into the Group. Engage with technology acquisition processes to ensure all new technology introduced is evaluated. Research industry trends and regulatory requirements.
Own the Security Architecture evaluation of risks identified in systems, including reviewing and proposing tactical and strategic remediation plans, and evaluation the cost / risk benefits of remediations.
Consult, and champion the adoption of security design, with technical delivery teams for both existing systems and new systems.
Engages with the BISO and Solution architects in the development of product specific information security plans.
Nurture and enforce technical practices in order to deliver technical excellence.
Foster and support experimentation and innovation in solving problems
Manage third parties in their deliveries related to the domain area
Finances for the team and any product or services are accurately budgeted for and managed
Provides company representation, internally and externally, related to information security, as needed.
Establishes metrics and monitoring to report the effectiveness and efficiency of the Security Architecture function.

Leadership Responsibilities

Leader and manager of a team of Security Architects [FTE], as well as consulting / scaleout resource as needed.

Leadership / chair of group-wide initiatives and forums (e.g. Architecture Design Forum)

Ensure team has correct resources allocated to deliver.

Critical deliverables

Building the Security Architecture Design Team

Delivering the security design patterns, with full audit trail

Developing and maintaining the security architecture control framework.

Ensuring Security Architecture is built into group wide and business specific processes for acquiring and developing new technology, including developing any needed processes.

Developing and publishing core metrics for the security architecture team

Impact

This is a group-wide role which is highly important to the management of security risks associated with business technology systems.

The role is key to addressing regulatory concerns for all of our regulated entities related to cyber security and cyber resilience.

As well as being key to securing the groups systems, this role also delivers the ability to demonstrate to regulators, auditors and internal control functions that security is being delivered.

Notable KPIs

Delivery of design patterns (pace of delivery, and coverage of pattern library)
Internal consulting hours recharged
Functional and security risk metrics designed, delivered and reported on
All finances for the team are managed accurately. No unbudgeted costs incurred for business as usual operation

Technical / job functional knowledge

10+ years of increasing responsibility in technical engineering or information security roles, security architecture preferred.
Experience in enterprise architecture frameworks
Experience in thread modelling / deign patterns
Proven Experience in designing and applying security controls into distributed systems (on prem and cloud)
Thorough understanding of the latest security principles, techniques and protocols
Critical thinker
Problem solving skills, ability to work under pressure and self-starter
Deep understanding of common as well as emerging vulnerabilities and how they manifest in different types of applications (web applications, thick clients, APIs, etc)
Familiarity with OWASP Top 10, SANS Top 25, NIST / CSC, CIS etc.
Applied understanding of topics such as authentication, access control, encry

About the Company

LSEG (London Stock Exchange Group) is a diversified international markets infrastructure business —earning our clients’ trust for over 300 years. That legacy of customer-focused excellence ensures that you can rely on our expertise in capital formation, intellectual property and risk and balance sheet management. As global leaders in financial indexing, benchmarking and analytic services, we offer unrivalled access to international capital markets. Our high-performance technology solutions enable companies worldwide to acc... Know more