Principal Enterprise Security Architect

The Enterprise Security Architect role is responsible for developing the Enterprise Architecture vision and target state security architecture for CNB and advising/assisting other Enterprise Architects, Domain Architects, and Solution Architect within the bank. 

At a principal level, the EA security expert helps lead efforts to deliver enterprise technology roadmaps based on the enterprise business strategy and target state architecture. Develops, maintains, and enhances system architectures acting as a security consultant within programs and projects. Influences business and drives IT to maintain adherence to enterprise standards, principles, and target state architecture with a focus on security. Collaborates with colleagues across CNB to understand user requirements, evaluate technologies, and recommend solution options that enhance the overall target state technology landscape - aligning with InfoSec, Compliance, and Cyber Security policies and standards. Leads efforts in defining, enforcing, and evangelizing enterprise security technology standards, principles, and best practices that support CNB's technology vision. 

The Principal Enterprise Security Architect is a mentor and role model for less experienced architects. The Principal Enterprise Security Architect interfaces and collaborates across all business areas, acting as a visionary to proactively assist in defining the direction of current and future projects and initiatives. Conceive strategies, solutions, build consensus, and sell/execute solutions. This EA is involved in all aspects of the strategic project life cycle, from the initial kickoff through the requirements analysis, design and implementation.

Additional responsibilities include the establishment of the overall architectural viewpoints and the establishment and oversight of organization standards and policies. Serving in this role requires an individual to be a self-starter, work independently, and as a team member. They have to have strong communication skills in interfacing with business partners and the IT community. The Principal Enterprise Security Architect is also responsible for educating and guiding others on security related architectural standards, principles, methodology and trends. The Principal Enterprise Security Architect provides guidance, road maps, principles, standards and best practices. They must be focused on enabling business and IT leaders to make investment decisions that balance and prioritize current operational demands, disruptions, and opportunities with the longer-term strategic security vision of the organization. 

• Serves as the primary liaison between Enterprise Architecture and the InfoSec and CyberSecurity groups.
• Serves as the lead security liaison on assigned enterprise initiatives and projects.
• Serves as a security advisor/consultant to key technology and business stakeholders, establishing trust relationships through active engagement and collaboration.
• As a key member of the Enterprise Architecture team, the candidate should be comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences.
• Ensures system architectures are utilizing secure design patterns to develop future state technology solutions including CIAM/IAM platforms.
• Builds reference architectures, patterns, and best practices that drive architectural alignment across the enterprise.
• Researches, enforces, and drives the adoption of design patterns throughout the enterprise and evangelizes best practices for solution design and development.
• Works collaboratively with teams across CNB, leads efforts in identifying, rationalizing, and solidifying solution design requirements and where deficiencies are found researches and establishes new standards, methodologies, and processes.
• Leads the preparation and presentation of architecture strategy through analysis of industry trends and future technology advances. Mentors less experienced architects.
• Assists in driving the establishment of architecture and development standards formally presenting them through the Architecture Review Council (ARC) and Technology Review Council (TRC).
• Assists in driving software, application, and infrastructure rationalization at the assigned business unit and enterprise level
• Partners with other CNB areas to manage risk within the organization through establishing reusable frameworks, processes, and methodologies.
• As an ambassador of Enterprise Architecture – supports the development the vision, principles, and goals of the EA organization.
• Develops executive presentations, solutions design documentation, and point of view technology white papers formally presenting them to executives, management, and employees throughout the company.
• Develops strong business relationships with other IT departments and assist less experienced architects with developing business relationships skills.
• Provides input and recommendations to delivery teams - related to architecture, design, coding practices and SDLC elements that could potentially impact the application or solution from a security perspective.
• Assist other architects in understanding and complying with CNB security policies and standards.
• Maintains contact with vendors, industry peers, and professional associations to keep informed of existing and evolving industry standards and technologies and evolving industry standards and technologies.
• Develops secure architectures for highly scalable and fault-tolerant applications that adhere to CNB security policies and standards.
• Leads definition and maintenance of security reference architectures that provide roadmaps and design guidance for key security domains such as application, infrastructure, datacenter, cloud platforms and products, IAM/CIAM integration, data privacy and enabling services.
• Ensures IT solution implementations align with enterprise security standards, policies and procedures.
• Provides security oversight on all transformative technology projects to advise and guide technology products to follow established security standards.
• Translates complex security-related matters into business terms that are readily understood by colleagues.
• Interprets business, technology and threat drivers, and develops practical security roadmaps to deal with these drivers
• Reviews application architecture and design from an application and infrastructure security perspective ensuring alignment with organization security standards and industry best practices.
• Contributes to Security Policies, Standards, and Non-functional requirements.
• Coordinates with Internal Audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls.
• Works with CNB InfoSec team to contribute to the definition of CNB's overall security roadmap and support business planning, requirements and investment case definition in support of the implementation of security measures.
• Represents the Enterprise Architecture team on CNB's Architecture Review Council (ARC) and Technology Review Council (TRC) with an authoritative voice to ensure proposed solution architectures, and new technologies, adhere to the enterprise security standards and comply with CNB's security principles, policies, standards, and risk management frameworks.
• Participates in the development of requirements to facilitate both business vision realization and security architecture target state creation.
• Influences product direction and integrates technology from a security and architectural perspective within the business environment.
• Works effectively within a team, supporting other members of the team in achieving business objectives and providing client services, lessons learned and knowledge transfer.
• Facilitates communication with cross-functional groups.
• Identifies and drive process improvements.
• Fosters and maintains good relationships with colleagues to meet expected customer service levels.
• Advocates for secure coding practices.
• Identifies opportunities to establish new standards and reference architectures that can be re-used on future initiatives.
• Represents the bank by actively participating in outside civic and community affairs, business and industry-related organizations, and other professional activities as appropriate.

Must-Have*

• Bachelor's Degree
• Minimum of 12 years of experience in enterprise integration design, development, and implementation
• Minimum of 12 years of experience in Microsoft .NET platform development or Java/Linux development
• Minimum of 3 years of experience in leadership roles either as a direct manager or matrix manager leading technical resources
• Minimum 2 years cloud implementation experience (Azure and/or AWS)
• Minimum 3 years of experience in a Senior Enterprise Architect or comparable senior management role.

Skills and Knowledge

• Excellent presentation skills.
• Excellent verbal and written communications, interpersonal, and analytical skills is required.
• Strong attention to detail and critical thinking skills with ability to catch corner cases and details that may be missed in architecture designs
• Experience with Agile development methodology including Scrum, XP, FDD, TDD, and SAFe.
• Experience leading security design and implementation of technologies in on-prem, public cloud, Software-as-a-Service, and Platform-as-a-service solutions – to include security architecture concerns for for modern web, mobile, and integration between cloud & on premise platforms.
• Familiar with cloud-based enterprise security technologies
• Broad understanding Governance Risk & Compliance (GRC)
• Experience with Regulatory and compliance frameworks and requirements such as HIPAA, GDPR, SOX, country, state, and local data protection laws
• Ability to translate business drivers, requirements and priorities into security design.
• Ability to build risk models and analyze security weaknesses in complex technology deployments Ability to balance long-term/strategic vision with short-term perspective of situations
• Experience in security hardening techniques and policy development
• Experience with Information/ata security - encryption, obfuscation, tokenization and PKI.
• Familiar with secure software coding practices and OWASP: Open Web Application Security Project.
• A collaborative approach with proven expertise and ability to influence technical SMEs, developers, product owners, and other architects on security issues
• Knowledge and understanding of distributed system architectures, including networks within a global enterprise environment
• Enterprise experience with API management toolsets, DevOps, server infrastructure, network infrastructure, caching methodologies, information security, and database technologies
• Hands-on experience with identity and access management solutions such as Ping Identity, Centrify, SailPoint, AWS IAM
• Experience in SecDevOps methodologies and pipeline security automation technologies (CI/CD Pipeline, SAST, DAST, testing automation, etc.)
• Working knowledge of risk control frameworks, processes and associated policies, standards, and solution architecture (e.g. NIST 800-53, Cybersecurity Framework, Zero Trust)
• Experience using the Bizzdesign EA tool (Enterprise Studio Online), and ArchiMate 3.x notation
• TOGAF certification
• Two or more of the following, preferred:
  
  • ISACA Certified in Risk and Information Control (CRISC)
  • Certified Information Systems Security Professionals (CISSP), Information Systems Security
  • Architecture Professional (ISSAP)
  • Certified Information Systems Security Professionals (CISSP), Information Systems Security
  • Engineering Professional (ISSEP)
  • CSA Certificate of Cloud Security Knowledge (CCSK)
  • ISC2 Certified Cloud Security Certification (CCSP)
  • Global Information Assurance Certification (GIAC)
  • Microsoft Certified: Azure Solutions Architect Expert
  • CompTIA Advanced Security Practitioner (CASP+)