Sr. Director, Security Architecture

Overview:

The Chief Security Architect is responsible for the development and evolution of the enterprise security architecture at Northern Trust. As a subject matter expert, the Chief Security Architect will report into the CISO and is expected to provide technical leadership and design guidance across the organization, define long-term roadmaps for security process and technology. A key function of the role will also be to provide guidance and establish enforcement of security requirements across the lines of business.

Reporting Structure:

• Direct report to Regional CISO
• Collaborates with and consults Regional CISOs, Line of Business CIOs, and their respective teams
• Collaborates with the Enterprise Technology Architecture function to ensure alignment

Primary Responsibilities:

• Responsible for leading the global Security Architecture function team and building & staffing a global team
• Ensures architecture solutions align with global regulatory requirements, and internal cybersecurity & technology policies
• Partners with key Northern Trust stakeholders to provide input to applicable enterprise wide security policies
• Ensures effective engagement between the Business Units, Enterprise Architecture, IT, and security functions as it relates to Enterprise Security Architecture processes
• Leads the Security Architecture teams to provide consultancy, assurance and security pattern development functions
• Owns security architecture patterns development, methods, and frameworks
• Helping ensure that security is natively incorporated into the organization's operating environment and that these environments are sufficiently protected to defend against modern cyber threats
• Work closely with architects, product, and software engineering teams to design secure architecture and patterns around Northern Trust products and applications, and enforce standard company policies and procedures that adhere to software development standards
• Acts as the Security Architecture evangelist at Northern Trust and consult senior management as needed
• Stays abreast of latest developments in the security industry, technology and threats

Qualifications, Knowledge/Skills Required:

• Deep understanding of modern security architecture best practices in the FS industry
• Experience creating an enterprise architecture (application, data, and technical) that is aligned to business and IT imperatives
• Deep knowledge of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices
• Strong working knowledge of Application Security, Network Security, Security Technologies & complex system threat modeling
• Experience formulating and prioritizing security requirements according to the organization's risk appetite
• Ability to build risk models and analyze security weaknesses in complex technology deployments
• Experience with public cloud environments and technologies (e.g., Microsoft Azure/AWS)
• Experience building security architectures for applications deployed on or with the following technologies: Cloud Technologies Azure/AWS, IBM Mainframe, HP NonStop/Tandem, Java, .Net, Linux, Microsoft Windows, SQL Server]
• Experience as technical lead organizing and mentoring security architects
• Have working knowledge of security compliance standards (NIST, GDPR, ISO, PCI, RMF, SOC 2 etc.)
• Ability to explain complex security concepts, issues, and associated impact to a number of different stakeholders
• BS or MS in Computer Science or related degree from an accredited university
• 10+ years of experience architecting, designing, and developing large-scale security solutions utilizing a mixture of hardware and software technologies

One or more of the following Certifications preferred:

• • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Information Systems Security Architecture Professional (ISSAP)
  • Information Systems Security Engineering Professional (ISSEP)
  • Cloud Solutions/security certifications for Azure/AWS