Cyber Security - Secure Design Lead

Security Architecture - Secure Design Team

Role: Senior Manager - Secure Design (People Leader)

Grade: GG14

Security Architecture Design team is responsible for developing Security Architecture patterns; developing security controls needed for new technology; promoting the use of the architectural patterns into development projects; Leading the Security Architecture Design Forum; Evaluating architectural security risks in existing systems; Consulting with system development teams and architects on building security into their design.

This role has responsibility for building and setting the direction of the team, and for the team's output.

Reports to: Director - Security Architecture

Key relationships & committees

• Security Domain Forum (chair)
• CTO / Architecture Governance
• Business Aligned Principal Security Architects
• CyberSecurity Engineering
• CyberSecurity Application Security Team
• Cloud Security Architecture

Key responsibilities

• Lead and manage the Security Architecture - Design team - a team of technical professionals.
• Chair the Security Architecture Design Forum
• Design and publish Security Architecture Design Patterns and Standards to comply with group security requirements, industry standards, customer requirements regulatory requirements and best practices.
• Own, develop and champion a Security Architecture control framework.
• Research, design and document the security posture requirements and controls of new technology introduced into the Group. Engage with technology acquisition processes to ensure all new technology introduced is evaluated. Research industry trends and regulatory requirements.
• Own the Security Architecture evaluation of risks identified in systems, including reviewing and proposing tactical and strategic remediation plans, and evaluation the cost / risk benefits of remediations.
• Consult, and champion the adoption of security design, with technical delivery teams for both existing systems and new systems.
• Engages with the BISO and Solution architects in the development of product specific information security plans.
• Nurture and enforce technical practices in order to deliver technical excellence.
• Foster and support experimentation and innovation in solving problems
• Manage third parties in their deliveries related to the domain area
• Finances for the team and any product or services are accurately budgeted for and managed
• Provides company representation, internally and externally, related to information security, as needed.
• Establishes metrics and monitoring to report the effectiveness and efficiency of the Security Architecture function.

Leadership responsibilities

• Leader and manager of a team of Security Architects [FTE], as well as consulting / scaleout resource as needed.
• Leadership / chair of group-wide initiatives and forums (e.g. Architecture Design Forum)
• Ensure team has correct resources allocated to deliver.

Critical deliverables

• Building the Security Architecture Design Team
• Delivering the security design patterns, with full audit trail
• Developing and maintaining the security architecture control framework.
• Ensuring Security Architecture is built into group wide and business specific processes for acquiring and developing new technology, including developing any needed processes.
• Developing and publishing core metrics for the security architecture team

Impact

This is a group-wide role which is highly important to the management of security risks associated with business technology systems. The role is key to addressing regulatory concerns for all of our regulated entities related to cyber security and cyber resilience. As well as being key to securing the groups systems, this role also delivers the ability to demonstrate to regulators, auditors and internal control functions that security is being delivered.

Notable KPIs

• Delivery of design patterns (pace of delivery, and coverage of pattern library)
• Internal consulting hours recharged
• Functional and security risk metrics designed, delivered and reported on
• All finances for the team are managed accurately. No unbudgeted costs incurred for business as usual operation

Technical / job functional knowledge

• 10+ years of increasing responsibility in technical engineering or information security roles, security architecture preferred.
• Experience in enterprise architecture frameworks
• Experience in threat modelling / design patterns
• Proven Experience in designing and applying security controls into distributed systems (on prem and cloud)
• Thorough understanding of the latest security principles, techniques and protocols
• Critical thinker
• Problem solving skills, ability to work under pressure and self-starter
• Deep understanding of common as well as emerging vulnerabilities and how they manifest in different types of applications (web applications, thick clients, APIs, etc)
• Familiarity with OWASP Top 10, SANS Top 25, NIST / CSC, CIS etc.
• Applied understanding of topics such as authentication, access control, encryption, cloud security, operating system security, network security, database security.
• Familiarity with common Developer Tools (GitLab/Azure DevOps etc) and some experience with using YAML/Markdown/Terraform.

Business and sector expertise

Preferred prior experience in the financial services and / or technology sector.

Preferred Prior Experience In Heavily Regulated Environment.

• Experience in recruiting, supporting & managing specialist individual contributors in technology domains. Inspiring and empowering a team to own the delivery of outcomes.
• Experience in managing remote and offshore team members
• Must have a collaborative work style ensuring that stakeholders are engaged in decision making processes.
• Highly adaptable and able to approach challenges differently in order to achieve goals.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone's race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it's used for, and how it's obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.