Lead Security Architect

About The Position

Requirements

• 8+ years’ experience with secure design and architecture for cloud and on-prem environments
• Bachelor’s or master’s degree in Information Technology, Computer Science, or a related work experience, or equivalent
• Previous security experience in a consultancy role collaborating with internal Technology, Project and Business teams
• Knowledge of information security standards/practices (e.g., CSA CCM, ISO Standards including AI standards ,NIST CSF, NIST 800:53, OWASP, etc.), industry standard security architecture models ( like TOGAF, etc), Threat models, DevSecOp practices
• Experience interpreting business, technology, and threat drivers, and develop practical security roadmaps to deal with these drivers
• Experience with application security & cloud security engineering, embedding security with CI/CD pipelines & secure coding practices
• Applied knowledge of methodologies to conduct threat-modeling exercises on new applications and services
• Experience in designing security for building cloud architecture with public cloud platforms such as Azure, AWS and GCP
• Applied knowledge of Infrastructure as Code, Automation, and Orchestration

Nice To Haves

• The ideal candidate will maintain one or more of the following certifications: CISSP, ISSAP, Microsoft Azure Security Technologies Certification, Azure Solutions Architect Expert Certification, CISM, CISA, and/or CCSP

Responsibilities

• Review technology solution architectures developed by Technology solution architects for adherence to Security best practices and KPMG standards. Provide guidance and advice as required to technology architects to embed security earlier in the design. This individual will ensure security by design early in the solution life-cycle
• Provide proactive guidance and advice by way of early engagement with technology solution architects
• Capacity building within technology teams through regular engagement with technology solution architects by way of sharing security requirements knowledge and garnering cohesive secure solution building practice
• This individual will liaise with Technology solution architects within the firm, develop security architecture roadmaps in compliance with KPMG Standards, prepare tactical plans, maintain knowledge base of Security architectural requirements, various technologies and solutions within the firm
• Develop and maintain security architecture artifacts (models, templates, standards, and procedures) that can be used to leverage security capabilities, in line with established security standards
• Act as a subject matter expert in areas pertaining to Cloud technology security across (but not limited to) Cloud platforms such as Azure, AWS . Provide security recommendations and SME guidance to Technology and Business teams for their design & development initiatives
• Responsible for embedding security requirements and objectives into architecture and DevOps as per business requirements, reviewing security in technical architectures for applications and products & services to ensure they meet security standards and creating security-embedded reference architectures that can be leveraged by technology functions across the firm to rapidly develop secure solutions in a multi-cloud environment
• Analyzing requirements for Cloud security tool and technology (SIEM, Endpoint Protection, Vulnerability Management, DLP, other), work closely with Cloud engineering team