Your new company
The company is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
Your new role
The IT Security Architecture (SecArch) team is part of the Technology Operations Risk (TOR) organization. The mission of the SecArch team is to provide security design, security consulting and security assessments of technology systems and processes to identify business risks and recommend remedial action based on established security standards or security best practices.The Security Architecture works with team members (IT, Business, Suppliers, Stakeholders and Partners) globally to perform SecArch assessments.
What you'll need to succeed
- Co-design security architecture of various IT solutions along with domain architects and designers
- Drive SecArch deep dives with the requestor of the assessment
- Conduct assessment and provide technology risk/requirements to the requestor. Areas covered:
- AAA – Authentication, Authorization, Auditing
- Application Security – Session Security, Vulnerability/Pen Testing items, Input Validation
- Secure data transport and storage
- Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
- Participate in various Operational and Technology Risk governance processes
- Assist in identifying new areas and opportunities of technology investment for the firm
Security Architecture Skills
- Required – Hands-on Security Design experience in one or two of the following domains: Compute, Storage, Network, End User Technology, Enterprise Security Platform, Mobile, Cloud infrastructure.
- Required – In depth knowledge of application, network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers
- Required – Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buy-in.
- Required – Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
- Required – The candidate must have working experience in the following application/network security domains:
- Authentication: SAML, SiteMinder, Kerberos, OpenID
- Entitlements and identity management
- Data protection, data leakage prevention and secure data transfer and storage
- App Security - validation checking, software attack methodologies
- Cryptography – encryption and hashing
- Required – In-depth knowledge of web technologies such as Web Browsers, Web Servers, Web Services
Other Areas of Expertise
What you'll get in return
- Database design and programming experience
- Experience of liaising with 3rd Party Entities (exchanges, suppliers, regulators)
- Experience in conducting and / or reviewing penetration tests, dynamic vulnerability assessments and static vulnerability assessments
- Understanding of geographic regulations and their impact on Security assessments
- Previous experience in Financial Services is preferred
- CISSP or other industry qualification
What you need to do now
- The opportunity to work in a leading investment bank
- The opportunity to collaborate with like-minded individuals
- The career development opportunities working in a fast-paced environment
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career. #1230770