Senior Cyber Security Architect - Director

Senior Cyber Security Architect - Director

The Senior Security Architect is a part of the Solutions Security Architecture team within the Information Security Group and is responsible for strategizing, researching, evaluating, designing, and implementing security solutions for the organization by acting as a lead and managing other security architects as required. With an emphasis on the following areas; Security Architecture and Design, Network and Infrastructure Security, Cryptography and Key Management, Vulnerability and Threat Management, Security Standards and Technical Procedures, Compliance, Risk Assessments, Security Monitoring and Incident Response, Network Segmentation, and Zero-Trust.

The role will focus on developing security strategies, research and evaluate new technologies and capabilities, and to design and implement practical solutions to secure the Bank's internal and external infrastructure, networks, perimeters, cloud tenants, and other platforms and service providers. This includes assessing any new technologies and services being considered for use by the bank.

A core competency for this role is to help define future state security strategies and roadmaps for the bank and its subsidiaries. This includes advancing security controls maturity by adhering to established frameworks and technologies that protect the bank's IT infrastructure and business assets from cyber threats and to comply with relevant regulatory requirements.

The Senior Security Architect will also play a key role in defining and advancing the bank's Zero-Trust security strategy. This involves participating in a global zero-trust assessment effort, the development of a long-term zero-trust roadmap, and establishment of an official ZTA program. This effort will also involve designing and implementing solutions that align with ZTA and assume no implicit trust for users, devices, applications, and network flows.

The sole purpose of the Solutions Security Architecture team is to ensure "security" is embedded in all system architectures and solutions, align with business goals while proactively reducing risk and enabling secure business operations. This role reports to the Director of Solutions Security Architecture and could have direct reports depending on a need to provide leadership to other individual contributors.

Primary Responsibilities :

• Security Architecture emerging technology research, design, evaluation, analysis, and implementation.
• Develop future-state security strategies and roadmaps.
• Focus on Solutions Security Architecture as it relates to cyber threat visibility, detection, prevention, and analysis.
• The development of Information Security technical standards, procedures, and guidelines.
• Provide support for penetration testing activities, reporting, and issue resolution as it pertains to mitigating risk.
• Liaise with global colleagues on the development of new designs and standards.
• Work with various project teams to design and implement secure security solutions.
• Evaluate and certify new technologies or new versions of existing security controls and products.
• Integrate and operationalize new products into all areas of the infrastructure.
• Act as a liaison and escalation point to our partners and vendors to help resolve any complex issues.
• Write and maintain technical documentation, including design documents (project charters, IT requirements, RACI), test / project support plans, procedures, incident reports, operational runbooks, and troubleshooting guidelines.
• Involved in all aspects of planning new projects and proposals, support the budget and procurement process, tools rationalization, and resource planning.
• Support the Architecture Guidelines Compliance function, to ensure all new applications and services are successfully risk assessed and follow security standards across the organization.
• Manage other security architect resources who are focused on solutions security, which includes any solution or service which provides network visibility, detection, prevention, and analysis of threats to the bank.
• Provide support for internal and external audits, regulatory demands, and assist the GRC team as a subject matter expert with risk acceptances, issues reporting, and anything else that aligns with the function of risk analysis and mitigation.
• Support of the e-Vision program, where the main focus is to provide the SOC with the proper tooling required to maintain robust visibility, monitoring, and incident response platforms.
• Level-4 escalation as required for significant security exploits and mitigation.

CRITICAL JOB KNOWLEDGE AND CORE COMPETENCIES / SKILLS :

Qualifications and Skills :

10 + years of specialized experience in cybersecurity and the various competencies listed within this job description.

10 - 15 years of experience in secure computing or related area with an emphasis on network security, segmentation, and Zero-Trust Architecture.

Education :

Required : BA / BS or equivalent

Preferred : Computer Science or Computer Software Engineering degree or equivalent training.

Licenses / Certifications / Registrations :

Training and security certification - such as the CISSP, ISC2 specialization, or ISACA.

CEH or other security related certifications is a plus.

Other :

Familiar with AI technology & terminology, NIST / OWASP guidelines, FS-ISAC, NYDFS / FRB regulations, encryption technologies, TCP / IP and secure protocols, working knowledge of Visio, Word, Excel, PowerPoint, Service Now, Coupa, Confluence, Wiki's, and understanding project management methodology is a bonus.

SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@.