Reporting to the UK CIO and part of the Technology department, the Principal Security Architect is responsible for designing and implementing robust security architectures to protect ING WB UK’s information assets. This role involves leading the development of security strategies, ensuring compliance with industry standards, and collaborating with various teams to enhance the overall security posture.
Main Duties and Responsibilities of Role:
Key responsibilities:
1. IT Risk Roadmap: Collaborate with IT Security and DevOps squads to develop and maintain the IT Risk Roadmap, ensuring alignment with organisational goals and local WB UK ambitions.
2. Security Architecture Design: Develop and maintain security architectures for applications, infrastructure, and cloud environments aligned with ING Security Architecture guidance and ING Security Standards.
3. Compliance: Ensure compliance with relevant security standards and regulations, such as DORA and GDPR.
4. Security Initiatives and Major Changes: Lead the design, provide guidance, and verify architecture implementation on global programmes for WB UK.
5. Ad-hoc Security design advisory: Support DevOps squads by investigating and designing appropriate security solutions/services to be leveraged within ING.
6. Design Deviations: Review deviations against designs and provide risk assessment for waiver.
7. Security Architecture community: Participate in Group Architecture forums and receive regular updates on changes to security architectures to address emerging threats and technologies.
Qualification/Education:
Essential: Relevant certifications such as CISSP, CISM, CEH, or equivalent.
Desirable: Master’s degree in Computer Science, Information Security, or a related field.
Experience/Knowledge:
1. Minimum of 10 years of experience in information security.
2. In-depth knowledge of security frameworks and standards (e.g., NIST, ISO).
3. Experience with cloud security (e.g., AWS, Azure, Google Cloud).
4. Proficiency in security technologies such as firewalls, IDS/IPS, SIEM, and encryption.
5. Excellent problem-solving and analytical skills.
6. Strong communication and leadership abilities.
7. The ability to communicate complex security concepts to non-technical stakeholders.
8. Experience working in a regulated industry (Financial Institutions).