Principal Cyber Security

Principal Cyber Security Architect

The Principal Cyber Security Architect provides cyber security advisory services to business units at the Bank, and supports IT initiatives and business projects by recognizing security risks and implementing security controls in adherence to the Bank security policies and standards. The architect leads other security analysts and directly engages the Bank IT teams to integrate new and existing security solutions. The Architect will be assigned to large, enterprise and mission critical projects and implement security strategy and architecture, in order to protect the Bank assets, manage risk, and maintain compliance.

Essential Functions:

• Defines, refines, and maintains THE BANK Security policies, standards, and repeatable security architectural patterns
• Identifies and prioritizes security activities in large complex projects with multiple stakeholders
• Reviews, analyzes, and drafts security risk assessments in support of policy exception requests, and issue and risk prioritization
• Participates on Architecture Review Boards, Centers for Excellence, and overseas security participation in enterprise risk management and process improvement activities.
• Mentors security analysts
• Engage in cross functional requirements analysis, supports process improvements, issue identification and preparation of issue reporting for senior leadership

Knowledge:

• Deep understanding of security architectures, defense in depth, cloud and on-prem security models and concepts
• Proficient in designing and deploying IaaS security solutions, preferably in AWS public cloud.
• Deep understanding of SIEM,
• Experience and working knowledge of network architecture, subnetting, and TCP/IP protocols, and OSI model layers and protocols at each model layer
• Understanding of international and United States laws and regulations impacting cyber security and personal data privacy, including GLBA, SOX, and the FFIEC Information Security requirements
• Working knowledge of security frameworks and control references such as NIST CSF, CIS 20, COBIT, PCI DSS, OWASP, ISO 27000 family and NIST SP 800 series.
• Familiar with various security architectures and methodologies (Defense in Depth, Kill-Chain, NIST, Critical Controls, OWASP, etc.)

Skills:

• Excellent analytical and problem-solving skills
• Ability to demonstrate empathy while seeking common interests; effective problem and conflict resolution skills
• Scripting skills (Shell, Python, Java, PHP, PowerShell, etc.) preferred but not required
• Familiar with government security standards and regulations including GLBA, SOX, PCI, COBIT, ITIL
• Familiar with various security architectures and methodologies (Defense in Depth, Kill-Chain, NIST, Critical Controls, OWASP, etc.)
• Leadership qualities, desire to influence horizontally and vertically, and mentor team members.
• Excellent written and verbal communication skills
• Extensive experience in global and enterprise level environments

Education & Experience:

• Bachelors degree in management Information Systems, Computer Science, and/or Business, or equivalent work experience
• 7+ years working in IT security domain
• Experience implementing, supporting, or defining requirements for security tools such as WAF, SIEM, IPS, CASB, EDR, Email protection, DLP
• Experience with AWS public cloud services and security tools
• Experience with SIEM technologies, specifically Splunk.
• Experience with cloud technologies specifically AWS.
• Experience with AWS in a security environment preferred.
• Experience working with Windows and Linux operating systems
• Experience doing vulnerability assessments, risk assessments and penetration testing

Certifications:

• One or more of the following professional certifications: CISSP, CISM, SANS GIAC, CISA, Security+, AWS Solutions Architect, AWS Security Specialist (or willingness to obtain within 6 months)
• Strong demonstrated knowledge of networking and TCP/IP protocol or networking certification (CCNA)