Principal Security Architect

About The Position

Requirements

• Bachelor’s or master’s degree in computer science, Information Security, or related discipline.
• 8 years of experience in cybersecurity architecture, cloud security, or enterprise security design, with significant depth in cloud security architecture across AWS and Azure environments.
• Proven experience providing security architecture leadership in large, complex, and highly regulated enterprise environments.
• Demonstrated experience leading and developing senior technical professionals or security architects, with accountability for architectural quality and outcomes.
• Strong background supporting cloud‑first security initiatives, with AWS experience strongly preferred.
• Deep knowledge of security frameworks, standards, and regulatory requirements, including NIST, ISO, and CIS benchmarks.
• Proven ability to define target‑state security architectures, develop multi‑year roadmaps, and deliver enterprise‑scale architectural designs.
• Advanced understanding of cloud security services and controls, including IAM, encryption, monitoring, logging, and incident response in cloud environments.
• Experience embedding security architecture into DevSecOps models, including CI/CD pipelines and cloud‑native security tooling.
• Strong architectural mindset, with the ability to balance strategic vision and practical design guidance.
• Exceptional communication and stakeholder management skills, with the ability to influence and advise senior technical and business leaders.
• Proven ability to translate complex technical and security concepts into clear, actionable guidance for business and non‑technical audiences.
• Comfortable operating in a non‑hands‑on, architecture‑centric role, guiding delivery teams through influence rather than direct implementation.
• Ability to work both independently and collaboratively within highly matrixed, multidisciplinary teams.

Nice To Haves

• Preferred industry certifications include AWS Certified Security – Specialty, Azure Security Engineer Associate, CISSP, SABSA, or equivalent credentials.
• Familiarity with blockchain technologies is considered an advantage but is not required.

Responsibilities

• Lead the design, evolution, and governance of DTCC’s cloud security architecture, with a strong emphasis on AWS‑based platforms and cloud‑first initiatives.
• Define, maintain, and socialize security architecture patterns, reference architectures, and standards that enable secure, scalable cloud adoption.
• Establish and uphold a strong security posture for cloud‑based applications and services, ensuring alignment with DTCC’s enterprise risk, regulatory, and compliance expectations.
• Bridge domain and solution architecture, providing architectural leadership in environments where these responsibilities may otherwise be separated.
• Evaluate emerging security capabilities, technologies, and products in partnership with Cybersecurity, Cloud Delivery, and IT Architecture teams.
• Act as a trusted security advisor to IT and business stakeholders, including Executive Directors and Managing Directors, influencing security outcomes across strategic initiatives.
• Collaborate closely with partner organizations—including Cloud Delivery, IT Architecture, and Cybersecurity Engineering—to support enterprise modernization efforts.
• Translate complex security and architectural concepts into clear, actionable guidance for both technical and non‑technical audiences.
• Lead, mentor, and develop a team of 3–5 Security Architects, balancing coaching with accountability for high‑quality architectural outcomes.
• Provide strategic direction and prioritization for the team’s work across architecture design, standards development, and architecture review activities.
• Foster a culture of security‑first thinking, strong communication, and continuous improvement.

Benefits

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).