Associate Director Security Architecture

Are you ready to make an impact at DTCC

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The impact you will have in this role:

As a Network Security Architect in the Cybersecurity Architecture Center of Excellence, your responsibilities include a comprehensive review and redesign of the existing network security infrastructure and capabilities for on-premises, client, and hybrid-cloud environment. You will also influence changes in existing control standards, create new IT security standards that are easily consumed by stakeholders, create specific security patterns & diagrams, and own the relevant 3-year capability roadmap. This role will be key in ensuring a Security-First mindset during DTCC's technology modernization journey.

Your Primary Responsibilities:

• Produce security architecture deliverables as part of initiatives related to network modernization and Zero Trust paradigm.
• Proactively identify security gaps, propose solutions, and follow through with engineering teams for implementation.
• Be the subject matter expert for Network Security through the enterprise along with the security architecture team.
• Inspire team members and junior staff to contribute new ideas and alternative approaches
• Design and optimize solutions to protect organization's network infrastructure, integrating cloud-based and on-premise components such as firewalls, load balancers, WAF, proxies, SD-WAN solutions, DDoS mitigation systems.
• Create and drive the internal and client network security capability roadmap within information technology & the respective IT stakeholders.
• Create and drive the Zero Trust network modernization roadmap within information technology & the respective IT stakeholders.
• Design Zero Trust network security controls through modern security technologies such as CASB, CNAPP.
• Influence change of control policies with Technology Risk Management & build strong partnerships with IT Architecture & Application Development partners.
• Create IT security standards and drive best-practices which are easily consumed by IT stakeholders.
• Lead the technical analysis of network security capabilities with the aim of delivery new or enhanced security capabilities.
• Identify automation opportunities for network security controls lifecycle management.
• Act as the domain specialist to help guide and shape how network security controls are enabled and enforced.
• Mentor junior security architects to enhance their security and architecture skills within the team.
• Deliver high-quality executive architecture presentations and demonstrations.
• Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.
• Create white papers and presentations in industry conferences to present thought leadership in security field.
• Align risk and control processes into day-to-day responsibilities to monitor and mitigate risk escalates appropriately

Quailifications:

• 7+ years of related experience
• Bachelor degree preferred in STEM areas such as Computer Science, Electrical & Computer Engineering, Information Management, Big Data & Analytics

Talents Needed for Success:

• Strong Information Security experience, specifically in network security domain (on premise and hybrid-cloud).
• Solid working knowledge with Next Gen firewalls and features such as URL, IPS, malware and content filtering, proxies, WAFs, traffic capturing and inspection technologies.
• Provide expert knowledge and experience performing deep packet troubleshooting with Wireshark, packet analyzer.
• In-depth knowledge of Zero Trust paradigm and network pillar designs improvements aligned with Zero Trust best practices.
• Working knowledge with 3+ vendors such as: Palo Alto NGFW, F5 LTM, APM, GSLB/GTM, Zscaler, Akamai, AWS network primitives (VPC, Direct Connect), Azure network primitives (VNET, Express Route).
• Experience in routing protocols and switching, BGP, OSPF, VRF, GRE, NAT/PAT, MPLS, SSL, IPSec tunnel, SSL offloading, multicasting, traffic balancing, high availability techniques, IPv4, IPv6.
• Expert level experience with WAN deployments including EIGRP/BGP route redistribution over MPLS and/or SD-WAN networks, route maps and filtering, traffic prioritization and QoS policies.
• Solid experience with Python, networking fundamentals, OS (Windows/Linux) security.
• Experience with Information Security frameworks (e.g. ISO 27001 and NIST) & security architecture frameworks.
• Proficient in how Active Directory works.
• Knowledge of Public DNS.
• Familiar with PKI and SSL Certificate management.
• Solid analytical skills to troubleshoot high-level, complex and technical problems.
• Strong organizational skills and multi-tasking ability.
• Ability to prioritize and execute tasks in high pressure environment and make sound decisions in emergency situations.
• Strong technical writing skills to support required documentation.
• Has strong communication skills with the ability to present in front of large audience.
• Demonstrated ability to collaborate between product management, engineering, risk, and IT teams.
• Willingness to learn, be a team player and a strong cross functional partner.
• Adapts quickly to changes in business requirements.
• Self-motivated individual that can work independently on projects, as well as a team player working towards a common goal.

IT Architecture and Enterprise Services are responsible for enabling digital transformation of DTCC. The group manages complexity of the technology landscape within DTCC and enhances agility, robustness and security of the technology footprint. It does so by serving as the focal point for all technology architectural activities in the organization as well as engineering a portfolio of foundational technology assets to enable our digital transformation.