Job Description

We are seeking a highly skilled Lead Security Architect to join our Security and Risk Management team. This role is critical in identifying, assessing, and mitigating technology risks across the organization. The Lead Security Architect will conduct deep dives into security design assessments, prioritize risks, and provide comprehensive recommendations to the requestors. As a thought leader in security, you will be responsible for developing and maintaining security reference architectures and ensuring best practices in all security domains.

Key Responsibilities:

• Lead deep dive security assessments with the requestor to evaluate and assess technology risks in relation to business operations.
• Prioritize identified risks based on business impact and provide clear, actionable recommendations to mitigate those risks.
• Conduct assessments in key security areas, including:

• • Authentication, Authorization, Auditing

  • Application Security (Session Security, Vulnerability Pen Testing, Input Validation)

  • Secure Data Transport and Storage

  • Network Security Principles and Best Practices

  • Cloud Security Principles and Best Practices

• Periodically review and update security reference architecture and blueprints, incorporating enhancements and changes in the security landscape.
• Participate in Operational and Technology Risk governance processes, ensuring alignment with business priorities.
• Assist in identifying new areas and opportunities for technology investment that align with firm-wide strategic goals.
• Communicate technology risks effectively to both technical and business audiences, tailoring messages for senior management or technical teams.
• Demonstrate excellent time management skills, handling multiple concurrent assessments, tracking deliverables, and following up to ensure successful completion on time.
• Collaborate with stakeholders to deliver on short timelines and increased senior management involvement, ensuring a strong focus on delivery.

Mandatory Skills:

• Strong experience in Security Architecture with deep knowledge of securing enterprise environments.
• Proficiency in Java/J2EE and Spring Framework for application security.
• Familiarity with web technologies and securing web applications.
• Strong scripting skills to automate security assessments and integrate into CI/CD pipelines.
• Understanding of security design principles and how to apply them in real-world scenarios.
• Proven ability to influence key stakeholders with factual reasoning and clear, actionable insights.
• Excellent communication skills, including written, oral, presentation, and listening, with the ability to adjust communication based on the audience (technical vs business).
• Ability to handle multiple tasks, prioritize effectively, and work under tight deadlines.

Preferred Skills:

• Familiarity with cloud security best practices, particularly within AWS, Azure, or GCP environments.
• Experience with vulnerability management, penetration testing, and the use of relevant security tools.
• Strong understanding of secure application design, including input validation, session management, and data encryption.