Cybersecurity Principal Architect - Cloud & IAM

Truist•Atlanta, GA

1d•Onsite

About The Position

Truist is hiring a Cybersecurity Principal Architect responsible for defining and maintaining cyber security architecture and technology plans with a focus on researching emerging technology, best practices, and applicable regulatory/compliance requirements then applying them to enable business solutions. Ensure that security controls are reliable and supports business initiatives and future growth through coordination with the Truist architectural community, engineering teams, application delivery services, and other stakeholders. Act as a lead subject matter expert on cyber capabilities, best practices, and security controls for your aligned applications and technology stacks. Initially, primary focus will be in Identity and Access Management and Cloud Security domains. For this opportunity, Truist will not sponsor an applicant for work visa status or employment authorization, nor will we offer any immigration-related support for this position (including, but not limited to H-1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN-1 or TN-2, E-3, O-1, or future sponsorship for U.S. lawful permanent residence status.)

Requirements

Bachelor’s degree in Business, Management, MIS-related field, or equivalent education and related training
Twelve years of progressively responsible leadership experience in Information/Cyber Security
Comprehensive experience in network security architecture, including design tools, methods, and techniques and the application of Defense-in-Depth principles; knowledge of network design processes, including understanding of security objectives, operational objectives and tradeoffs
Thorough knowledge of The Open Group Architecture Framework (TOGAF), including infrastructure, data, information security, applications, architectural concepts, and associated disciplines
Knowledge of: Mainframe security, including access control, monitoring, integration with non-mainframe technologies, and virtualization; Authentication and authorization technologies including remote access; Application security and the security development lifecycle and ability to apply to client-server and web-based application development environments; Enterprise databases and database security, including database activity monitoring and database access control technologies; Encryption methods and technologies for data-in-transit and data-at-rest scenarios; Incident response processes; Denial of Service prevention mechanisms; Firewall technologies and intrusion prevention methods; Cloud technologies and hosting; Operating system hardening; Virtualization technologies; Mobile technologies; Encryption and key management technologies; Endpoint Protection (includes malware); Data Loss Protection technologies
Experience with peripheral component interconnect and other security audit processes, evidence gathering and development/management of remediation plans used in resolution of finding

Nice To Haves

Broad knowledge across a wide range security and technology domains, and deep knowledge/experience in Identity and Access Management (IAM) and securing complex AWS and Azure architectures
Understanding of security foundations, frameworks, and standards such as hardening, least privilege, attack surface reduction, NIST SP800-series, NIST Cybersecurity Framework, Common Criteria, FFIEC, FISMA/FedRAMP, PCI DSS, CIS Benchmarks, and similar.
Applies in-depth and specialized expertise and/or a significant breadth of expertise in own professional discipline and other related disciplines.
Interprets internal/external business challenges and recommends best practices to improve products, processes, or services.
Mentors less experienced teammates to build their own technical expertise.
Impacts the achievement of client, operational, project, service, and risk management objectives.
Works independently, with guidance in only the most complex and unusual situations.
Relevant industry experience: Financial services / Fintech industry experience (most desired) or other highly regulated / highly secured industry experience (ex. defense, energy, PCI Level 1 merchant, big tech).
Specific solution expertise is desired in the following areas: Digital Commerce, Digital Banking and Financial Systems architecture
Large data management architecture and integrations
Attack protection and mitigation technologies – DDoS, WAF, Bot, etc.
AWS / Azure Cloud - application migration, fit for purpose, etc.
Multifactor authentication, Risk Based Authentication
Application authentication models
Application Security – OWASP control and evaluation criteria
Cryptographic technology – Transit encryption, storage encryption, hash, KMS, Digital Signature, etc.
Federated Identity Management / Identity Providers / Single Sign On (SSO)
Client authentication approaches for “anti-bot” technologies, signaling, and fraud prevention
Certification: CISSP, ISSAP, AWS, AZURE, SANS and/or TOGAF certifications
Masters degree in: Computer Science, Information Systems, Security, or other closely related field.
Experience with Agile Scrum (Daily Standup, Sprint Planning and Sprint Retrospective meetings)
Consulting or professional services backgrounds
Developing patterns, building blocks, target architectures, policies, standards, and guidance for all applicable platforms
Containerization, Micro-services, API, CI/CD
Content Delivery technologies
Fintech integration
Artificial Intelligence (AI)

Responsibilities

Lead the planning, creation, and management of security architecture deliverables, including but not limited to requirements, solution designs, patterns, building blocks, target architectures, policies, standards, and guidance for all applicable platforms and environments to influence Truist Protection Services (TPS), Enterprise Technology, and line of business decision making.
Acts as thought leader in new technology innovation, incubation, introduction and implementation critical to the TPS roadmap and Truist’s success.
Build roadmap for acquiring, integrating, and implementing high-value technology and processes.
Oversee efforts (e.g. proof of concepts) to measure and prove new technology value.
Lead development of system security context and preliminary system security concept of operations and define baseline system security requirements in accordance with applicable regulations and standards.
Create and maintain system security context and preliminary system security concept of operations and define baseline system security requirements in accordance with applicable regulations and standards.
Ensure that all acquired or developed security systems and security architectures integrate with enterprise security architecture.
Establish strong relationships with key technology stakeholders and create convergence by demonstrating credibility, empathy and expertise on business and technical issues.
Facilitate, communicate, collaborate, and persuade others in the definition, adoption and implementation of a coherent architecture.
Evaluate existing or emerging technologies to consider factors such as cost, security, compatibility and usability and ensure security product lifecycles are managed proactively.
Demonstrate comprehensive experience and skill in Information Security (InfoSec) and cyber security technology and practices necessary to negotiate and persuade technology direction on security principals and tenets such as confidentiality, integrity, availability, authentication and non-repudiation.
Perform security reviews, identify gaps in security architecture and develop security risk management plans.