Security Architect – Mortgages

Social network you want to login/join with:

Hybrid 2 days per week from office
Office Locations: Swindon and London

Role Description:

As a Security Architect focusing on Mortgages systems, your primary responsibility will be to design, implement, and maintain robust security architectures for payment systems within a financial organization. This role involves ensuring the security of financial transactions, protecting sensitive data, and complying with industry regulations.

Key Responsibilities:

Develop and implement comprehensive security strategies for Payments System Upgrades.

Conduct thorough risk assessments to identify potential security threats and develop mitigation strategies.

Create comprehensive threat models aligning with MITRE ATTACK/STRIDE frameworks.

Recommend the best controls & mitigations to potential vulnerabilities.

Ensure the design complies with relevant regulations and standards, including GDPR, SOX, and PCI-DSS.

Implement advanced encryption and access control mechanisms to safeguard data integrity and confidentiality.

Collaborate with cross-functional teams to integrate security measures seamlessly with downstream systems.

Ensure data at rest and data in transit are encrypted using appropriate mechanisms.

Communicate security risks and strategies effectively to stakeholders, including executive leadership and IT teams.

Key Skills / Knowledge / Experience:

Proven experience as a Security Architect working in a large, complex organization-ideally within a financially regulated enterprise (e.g., PCI compliance).

Proven experience working previously for financial organizations.

Previous relevant experience in developing bespoke Threat Models leveraging frameworks like MITRE ATTACK & STRIDE.

Proficiency in assessing the Identity & Access Management functions and associated risks during the acquisition process.

Ability to understand and assess the security elements of technical designs/solutions and constructively challenge for improved outcomes.

Good knowledge of cryptography.

Person Specification:

Previous experience working in UK Financial Services or a similarly highly regulated industry.

Possession of (or working towards) relevant professional qualifications such as CISM / CISSP.

Familiarity with M&A processes and their unique security challenges.

Knowledge/experience of PCI-DSS, including PCI-P qualification.

Knowledge/experience of Data Privacy and GDPR.

Experience with regulatory compliance frameworks specific to financial organizations.

Excellent interpersonal and communication skills.

Ability to work independently and collaboratively within a team.