Security Architect Mortgages

As a Security Architect focusing on Mortgages systems, your primary responsibility will be design, implement, and maintain robust security architectures for payment systems within a financial organization. This role involves ensuring the security of financial transactions, protecting sensitive data, and complying with industry regulations.

Key responsibilities:

Develop and implement comprehensive security strategies for Payments System Upgrades.

Conduct thorough risk assessments to identify potential security threats and develop mitigation strategies.

Create comprehensive threat models aligning with MITRE ATTACK/STRIDE frameworks.

Recommend the best controls & mitigations to potential vulnerabilities

Ensure the design comply with relevant regulations and standards, including GDPR, SOX, and PCI-DSS.

Implement advanced encryption and access control mechanisms to safeguard data integrity and confidentiality.

Collaborate with cross-functional teams to integrate security measures seamlessly with downstream systems

Ensure data at rest and data in transit are encrypted using appropriate mechanisms.

Communicate security risks and strategies effectively to stakeholders, including executive leadership and IT teams.

Key skills/knowledge/experience:

Should have proven experience as a Security Architect working in a large, complex organization. Ideally, this experience would be within a financially regulated enterprise (e.g., PCI compliance).

Proven experience working previously for for financial organizations

Previous relevant experience in developing bespoke Threat Models leveraging frameworks like MITRE ATTACK & STRIDE

Proficiency in assessing the Identity & Access Management functions & associated risks during Acquisition process.

Be able to understand and assess the security elements of technical designs / solutions and have a proven ability to constructively challenge to deliver better business and security outcomes.

Good knowledge of cryptography

Person specification: I.e., negotiating, client facing, communication, assertive, team leading/team member skills, supportive. Previous experience in working in UK Financial Services or similar highly regulated industry.

Have a relevant professional qualification (or be working towards certification), such as CISM / CISSP.

Familiarity with M&A processes and the unique security challenges they present.

Knowledge / experience of PCI-DSS, including PCI-P qualification.

Knowledge / experience of Data privacy and GDPR;

Experience with regulatory compliance frameworks specific to financial organizations.

Excellent interpersonal and communication skills.

Ability to work independently and collaboratively within a team.

* Free services are subject to limitations