Manager - Principal Security Architect: Secure Design (IC) - London Stock Exchange Group

Overview

Manager - Principal Security Architect: Secure Design (IC) – London Stock Exchange Group. This role leads acceleration of secure design artefacts and interventions, contributing to the Security Architecture Design team by adding capacity and capability to deliver secure design outcomes across projects.Responsibilities

Develop Security Architecture Design Patterns and Standards to comply with group security requirements, industry standards, customer requirements, regulatory requirements and good practices.Assist the development of and champion a Security Architecture control framework.Research, design and document the security posture requirements and controls for new technology; engage with technology acquisition processes to ensure all new technology is evaluated.Research industry trends and regulatory requirements.Lead the Security Architecture evaluation of risks identified in systems, including reviewing and proposing tactical and strategic remediation plans, and evaluating the cost/risk benefits of remediations.Promote secure by design practices with technical delivery teams for both existing and new systems; lead Threat Modelling activity.Nurture the use of secure technical practices to deliver technical excellence.Support experimentation and innovation in solving problems.Supervise third parties in their deliveries related to the domain area.Provide company representation related to information security, as needed.Contribute to the development of metrics and their monitoring to report the effectiveness and efficiency of the Security Architecture function.Contribute to the content and management of the Security Architecture intranet presence.Team Responsibilities

Guiding and mentoring other team members as required.Deputising for Senior Manager - Secure Design when required.Critical Deliverables

Developing and prioritising the security design pattern library.Developing and delivering the security design patterns – individually or with other teams as necessary.Working with neighbouring security teams and delivery projects to address emerging areas of secure design guidance and interventions.Developing security architecture interventions in business-specific processes for acquiring and developing new technology.Contributing to the development and reporting of metrics for the Secure Design team within the broader Security Architecture function.Impact

This is a group-wide role key to effective and efficient management of security risks associated with business technology systems. Success involves balancing the ability to work pragmatically with project teams, drive secure by design outcomes while enabling delivery, and evolving security architectural collateral to meet business needs.Work effectively with project teams to drive secure by design outcomes.Develop or refresh security architectural collateral based on planned and emerging business needs.Identify gaps in security architecture collateral during project delivery to add to the security design pattern library.Key Performance Indicators

Delivery of design patterns from development initiation to general availability.Successful outcomes from security architectural interventions with delivery projects.Functional knowledge and experience

7+ years of increasing responsibility in technical engineering or information security roles, security architecture preferred.Experience of enterprise architecture frameworks and their application.Experience in threat modelling / design pattern development.Proven experience in designing and applying security controls into distributed systems (on premises and cloud).Thorough understanding of the latest security principles, techniques and protocols.Critical, independent thinking; problem-solving skills; ability to work under pressure and be self-starter.Deep understanding of vulnerabilities and their manifestation across architectures (web apps, thick clients, APIs, networked infrastructure, etc.).Familiarity with industry standard guidance (OWASP Top 10, SANS Top 25, NIST/CSC, CIS, NCSC, etc.).Applied understanding of authentication, access control, encryption, cloud security, operating system security, network security, database security.Experience writing succinct, reader-oriented, visually compelling documentation.Familiarity with developer tools (GitLab/Azure DevOps) and some experience with YAML/Markdown/Terraform.Business and sector expertise

Preferred prior experience in the financial services and/or technology sector.Preferred prior experience in a heavily regulated environment.Leadership and management experience

Experience supervising and supporting specialist individual contributors; capable of inspiring delivery of outcomes.Experience working with remote and offshore team members.Collaborative work style ensuring stakeholders are engaged in decision making.Highly adaptable and able to approach challenges creatively to achieve goals.We are an equal opportunities employer and do not discriminate on protected characteristics. We may reasonably accommodate applicants’ religious practices and beliefs, as well as mental health or physical disability needs where required by law. Please review our privacy notice for information handling and your rights as a data ..... full job details .....