Cybersecurity Senior Architect - Cloud / AI Security

About The Position

Requirements

• Bachelor's degree in a technical or business field, or equivalent education and related training
• Eight years of demonstrated experience of systems engineering and/or architecture in at least one of the information security areas: network security, access management, end point protection, data loss prevention, vulnerability management, application security, forensics, web security, mainframe, incident response and/or cyber threat management in a medium to large corporation
• Highly experienced in network security architecture, including design tools, methods, and techniques and the application of Defense-in-Depth principles; knowledge of network design processes, including understanding of security objectives
• Specialized depth and thorough Knowledge of The Open Group Architecture Framework (TOGAF), including infrastructure, data, information security, applications, architectural concepts, and associated disciplines
• Deep knowledge of: Mainframe security, including access control, monitoring, integration with non-mainframe technologies, and virtualization; Authentication and authorization technologies including remote access; Application security and the security development lifecycle and ability to apply to client-server and web-based application development environments; Enterprise databases and database security, including database activity monitoring and database access control technologies; Encryption methods and technologies for data-in-transit and data-at-rest scenarios; Incident response processes; Denial of Service prevention mechanisms; Firewall technologies and intrusion prevention methods; Cloud technologies and hosting; Operating system hardening; Virtualization technologies; Mobile technologies; Encryption and key management technologies; Endpoint Protection (includes malware); Data Loss Protection technologies
• Experience with peripheral component interconnect and other security audit processes, evidence gathering and development/management of remediation plans used in resolution of finding

Nice To Haves

• Subject matter expert with deep specialization or comprehensive knowledge within a discipline which crosses multiple areas of specialization relative to Cloud architectures and security principles, Data Protection, IT Risk, Network Security, Application Security, Security Operations, and IAM. Deep knowledge/experience with securing complex AWS and Azure architectures.
• Understanding of Security foundations and Standards such as hardening, least privilege, attack surface reduction, NIST SP800-series, NIST Cybersecurity Framework, FIPS 140-2, Common Criteria, FFIEC, FISMA/FedRAMP, ISO 27000, PCI-DSS, CIS Benchmarks, and similar.
• Applies in-depth and specialized expertise and/or a significant breadth of expertise in own professional discipline and other related disciplines.
• Interprets internal/external business challenges and recommends best practices to improve products, processes, or services.
• Works independently, with guidance in only the most complex and unusual situations.
• Solution expertise (in the following) preferred: AWS / Azure Cloud - application migration, fit for purpose, etc. Large data management architecture and integrations Multifactor authentication, Risk Based Authentication Application authentication models Application Security – OWASP control and evaluation criteria Cryptographic technology – Transit encryption, storage encryption, Hash, KMS, Digital Signature, etc. Federated Identity Management / Identity Providers / Single Sign On (SSO) Client authentication approaches for “anti-bot” technologies, signaling, and fraud prevention
• Certification: CISSP-ISSAP, AWS, AZURE, SANS or TOGAF certifications
• Generative AI / LLM Consulting or professional services backgrounds are a plus.
• Financial services industry experience is a major plus.
• Master’s degree in: Computer Science, Information Systems, Security, or other closely related field.
• Ideal candidate will also have experience in the following areas – Developing patterns, building blocks, target architectures, policies, standards, and guidance for all applicable platforms Containerization, Micro-services, API, CI/CD Content Delivery technologies

Responsibilities

• Architecting effective and efficient fit for purpose solutions that meet the Bank’s needs and requirements - includes creation of Cybersecurity Blueprints that will present detailed views of application interaction/integrations between both on prem and cloud-based applications.
• Applies in-depth and specialized expertise in Identity and Access Management and significant breadth of experience across cyber / information security. May be called upon to contributed to scope and business cases
• Participates in the gathering and development of requirements by coaching stakeholders and decomposing business requirements into technical and system requirements
• Interpret requirements to determine the best solutions and approaches
• Creates architectures and operational documentation with support of engineering and operations staff
• Advise, consult, lead, guide and mentor project teams, engineers, analysts, and support staff in the delivery of solutions
• Participate in the agile planning processes and delivery methodologies
• Build relationships with internal clients
• Conducts threat modeling and security gap assessment exercises in concert with other teams
• Contributes to the creation of policy, standards, Minimum Security Baselines (MSBs), procedures and guidelines
• Bring visibility to and escalates security risks, as well as, technical, execution, deployment, or other risks as applicable
• Conducts post-mortem reviews of projects / products to measure design versus implementation differentials
• Contribute to the Truist Cyber Architecture Practice by supporting Cyber Enterprise Architecture objectives

Benefits

• Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates.
• Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays.
• Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan.