• Drive the Identity & Access Management and secrets management architecture roadmap and share with AES collaborators
• Participate in discovery workshops to understand client's & Workforce IAM and security needs and provide standard process recommendations to meet IAM use cases. Develop design and architectural diagrams that clearly communicate the proposed solution and flows
• Actively participate in the multi-functional team meeting, developing project plans, implementation, testing, pre / post release activities, risk management and issue management.
• Architect solutions applying Ping Identity Products, PlainID and/or similar IAM products, such as IGA tools, Virtual Directory, PAM and Secret Management solutions.
• Create IT security standards easily consumed by collaborators. Evaluate the existing application security controls, (on-premise and cloud), identify improvements, and build plans into the application security capability roadmap for implementation
• Build access management security patterns (standardizing authentication/authorization flows, single-sign-on/MFA, provisioning, user behavior analytics, access governance system controls, privileged/secrets management) and designs as part of initiatives to modernize the DTCC access management security posture
• Mentor junior security engineers and architects to improve their cybersecurity and architecture skills
• Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks
• Create white papers and present in industry conferences to display thought leadership in the security field
• Align risk and control processes into day-to-day responsibilities to supervise and mitigate risk; raises issues appropriately

NOTE: The Primary Responsibilities of this role are not limited to the details above.

Required Qualifications:

• Min 8-10 years of related experience
• Strong cybersecurity experience in architecting implementations using Ping Identity products (especially PingFed, PingOne, PingID, and PingAuthorize) is required.
• Experience with most standard IAM security protocols (Eg: OAuth, OIDC, RACF, SAML, LDAP, ID Federation, SSO, MFA, UEBA) is required.
• Experience architecting solution using products like API Gateway, IGA and Virtual Directory is required.
• Strong experience in identifying access management control gaps
• Experience with Information Security frameworks (e.g., ISO 27001, CIS, MITRE ATT&CK and NIST) & security architecture frameworks
• Experience architecting automated data centre processes, including provisioning, application, and patch management, monitoring and alerting, capacity monitoring and planning, demonstrating execution and human approval workflow design and implementation
• Strong communication skills with the ability to present in front of large audience

Preferred Qualifications:

• Bachelor’s degree preferred and/or related experience
• Experience in OS security (Windows, Linux), Network security (Firewall, Proxy, WAF) and RDMS is preferred.

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.