• Engages technical teams and business stakeholders to discuss and propose technical approaches to meet current and future cybersecurity needs
• Defines the technical target state of their cybersecurity product and drives achievement of the strategy
• Evaluate current cybersecurity principals, processes, and controls, and new technology using existing standards and frameworks
• Provide technical guidance and direction to support the business and its technical teams, contractors, and vendors
• Work with stakeholders and senior leaders to recommend business modifications during periods of vulnerability
• Serve as a function-wide subject matter and be recognized in your product as the clear point of escalation and subject matter expert for IT Risk and Cyber domains
• Proactively monitor Key Risk Indicators to ensure issues are identified, quantified, communicated, and managed in a timely manner, including recommendations for resolution and identifying the root cause/key themes
• Contribute to the engineering community as an advocate of firmwide frameworks, tools, and practices of the Secure Software Development Life Cycle
• Influence peers and project decision-makers to consider the use and application of leading-edge technologies
• Work collaboratively with product, technology, and business colleagues on an on-going basis for business-as-usual audit and regulatory engagements, risk activities and project initiatives

Required qualifications, capabilities, and skills

• Formal training or certification on Cybersecurity Architecture concepts and 5+ years applied experience
• Advanced knowledge of cybersecurity architecture/engineering, applications, and technical processes
• Advanced in one or more programming languages such as Python or Java
• Hands-on practical experience delivering enterprise level planning, design, and implementation of enterprise-level security solutions and controls related to:
• Modern Security Engineering/Architecture practices (microservices, containers, orchestration, continuous integration & delivery pipelines, API first, service delivery & integration)
• Technical Service Delivery - Shipping code & features
• Product technologies (Infrastructure, Application)
• Secure Software Development Life Cycle (SSDLC) such as code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning
• Applicable working experience designing and implementing cloud services (IaaS, PaaS, SaaS, etc) offered from public cloud service providers (e.g., AWS, Microsoft Azure, Google etc.)
• Ability to evaluate current and emerging technologies to recommend the best solutions for the future state architecture
• Experience effectively communicating with senior business leaders

Preferred qualifications, capabilities, and skills

• Experience with terraform enterprise, service control policies, and Kubernetes security
• Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect)
• Experience in financial services consumer businesses (i.e., Mortgages, Cards or Digital) or industries with similar risk tolerance

NA