Cyber Security Architect - ZTNA

DTCC, Jersey City, NJ
$95,000 - $180,000, Hybrid

About The Position

The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance. As a member of the IT Cybersecurity and Platform Strategy team, you will lead the design, governance, and implementation of enterprise Zero Trust Network Access (ZTNA) and Secure Service Edge (SSE) capabilities. This role is a hybrid of architecture leadership, governance oversight, and hands‑on technical engagement, supporting secure access modernization across a complex, regulated financial services environment.

Requirements

  • Bachelor's degree and/or equivalent experience
  • 8+ years of experience in cybersecurity architecture, network security, or security engineering roles.
  • Demonstrated experience designing and implementing Zero Trust architectures in large enterprise environments.
  • Strong expertise in: Identity‑based access controls (SSO, MFA, conditional access), Secure network and application connectivity concepts, Hybrid and cloud‑based access architectures.
  • Experience integrating ZTNA/SSE platforms with: Identity providers (e.g., Entra ID, Okta, Ping), SIEM/SOAR solutions, Endpoint security and posture signals.
  • Ability to operate effectively across strategy, governance, and hands‑on execution.

Nice To Haves

  • Architecture and/or implementation experience with multiple of the following platforms: Zscaler, Cisco security and networking platforms, Akamai enterprise security and access solutions.
  • Familiarity with: Software‑defined perimeter and segmentation strategies; TLS inspection, certificate management, and privacy considerations; SaaS governance and shadow IT risk controls.
  • Professional certifications such as CISSP, CCSP, GIAC, or relevant vendor certifications preferred.

Responsibilities

  • Define and maintain enterprise ZTNA and SSE target‑state architectures, roadmaps, and transition strategies aligned with DTCC security principles.
  • Establish and document Zero Trust architecture standards, including identity‑centric access, least‑privilege enforcement, continuous verification, and segmentation.
  • Develop and maintain architecture artifacts, including: Reference architectures and solution patterns, High‑Level Designs (HLDs) and Low‑Level Designs (LLDs), Architecture Decision Records (ADRs).
  • Serve as the design authority for secure access and connectivity initiatives.
  • Translate enterprise security, regulatory, and risk requirements into enforceable architectural guardrails for ZTNA/SSE platforms.
  • Ensure access architectures support: Policy consistency and traceability, Exception management and approvals, Periodic access reviews and recertification, Audit and regulatory evidence requirements.
  • Participate in architecture review boards, security design reviews, and governance forums as the ZTNA/SSE subject‑matter expert.
  • Lead and actively participate in: Platform design and configuration, Proof‑of‑concepts and pilot implementations, Migration initiatives (including VPN modernization).
  • Architect and guide implementation of SSE capabilities, including: Zero Trust Network Access (ZTNA); Secure Web Gateway (SWG); Cloud Access Security Broker (CASB); Firewall‑as‑a‑Service (FWaaS), where applicable; Integration with Data Loss Prevention (DLP) services.
  • Design secure access models for: Workforce access to internal and cloud‑hosted applications, Third‑party and vendor access, Privileged and high‑risk access scenarios.
  • Design and maintain solutions across a multi‑vendor ZTNA/SSE ecosystem, including: Zscaler, Cisco security and secure access platforms, Akamai enterprise access and edge security services.
  • Perform comparative technical evaluations and develop vendor‑neutral architectural decision frameworks.
  • Lead vendor engagements, technical deep dives, and roadmap assessments.
  • Ensure operational integration with: SIEM/SOAR platforms; Logging, telemetry, and monitoring systems; Incident detection and response workflows.
  • Define and track access‑related KPIs and metrics, including: Reduction in legacy VPN reliance, Application onboarding progress to ZTNA, Policy exception volumes, Access anomaly detection and response effectiveness.
  • Drive continuous optimization of security posture, performance, and user experience.

Benefits

  • Competitive compensation, including base pay and annual incentive
  • Comprehensive health and life insurance and well-being benefits, based on location
  • Pension / Retirement benefits
  • Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.