Principal Security Architect

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

 Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

As an Identity Access Management (IAM) Security Architect for the Cybersecurity Architecture Team, you will focus on existing identity access management controls (on-premises and cloud), design new and efficient security architectures, inspire change in control standards, create IT security standards easily consumed by collaborators, create access specific security patterns & diagrams, and own the Identity & Access Management 3 year roadmap.   This role will be an ambassador for the shift in the technology culture at DTCC to a Security-First culture.

The primary focus areas for this position are the following:

• Produce security architecture results as part of initiatives related to certificate services and identity and access management
• Partner with IT teams to design and deliver architectures to enable federated access and single sign on in cloud and hybrid environments
• Proactively identify security gaps, propose solutions, and follow through with engineering teams for implementation
• Innovate and lead others to tacklesophisticatedx issues 

Your Primary Responsibilities:

• Drive the Identity & Access Management and secrets management architecture roadmap and share with AES collaborators
• Participate in discovery workshops to understand client’s & Workforce IAM and security needs and provide standard process recommendations to meet IAM use cases.  Develop design and architectural diagrams that clearly communicate the proposed solution and flows
• Actively participate in the multi-functional team meeting, developing project plans, implementation, testing, pre / post release activities, risk management and issue management.
• Architect solutions applying Ping Identity Products, PlainID and/or similar IAM products, such as IGA tools, Virtual Directory, PAM and Secret Management solutions.
• Create IT security standards easily consumed by collaborators.  Evaluate the existing application security controls, (on-premise and cloud), identify improvements, and build plans into the application security capability roadmap for implementation 
• Build access management security patterns (standardizing authentication/authorization flows, single-sign-on/MFA, provisioning, user behavior analytics, access governance system controls, privileged/secrets management) and designs as part of initiatives to modernize the DTCC access management security posture
• Mentor junior security engineers and architects to improve their cybersecurity and architecture skills 
• Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks
• Create white papers and present in industry conferences to display thought leadership in the security field
• Align risk and control processes into day-to-day responsibilities to supervise and mitigate risk; raises issues appropriately

**NOTE: The Primary Responsibilities of this role are not limited to the details above. **

Qualifications:

• Min 8-10 years of related experience
• Bachelor’s degree preferred and/or related experience

Talents Needed for Success:

• Strong cybersecurity experience in architecting implementations using Ping Identity products (especially PingFed, PingOne, PingID, and PingAuthorize) is required.
• Experience with most standard IAM security protocols (Eg: OAuth, OIDC, RACF, SAML, LDAP, ID Federation, SSO, MFA, UEBA) is required.
• Experience architecting solution using products like API Gateway, IGA and Virtual Directory is required.
• Strong experience in identifying access management control gaps 
• Experience with Information Security frameworks (e.g., ISO 27001, CIS, MITRE ATT&K and NIST) & security architecture frameworks
• Experience architecting automated data centre processes, including provisioning, application, and patch management, monitoring and alerting, capacity monitoring and planning, demonstrating execution and human approval workflow design and implementation 
• Experience in OS security (Windows, Linux), Network security (Firewall, Proxy, WAF) and RDMS is preferred 
• Strong communication skills with the ability to present in front of large audience

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

DTCC safeguards the financial markets and helps them run efficiently, in times of prosperity and crisis. We are uniquely positioned at the center of global trading activity, processing over 100 million financial transactions every day, pioneering industry-wide, post-trade solutions and maintaining multiple data and operating centers worldwide. From where we stand, we can anticipate the industry’s needs and we’re working to continually improve the world’s most resilient, secure and efficient market infrastructure. Our employees are driven to deliver innovative technologies that improve efficiency, lower cost and bring stability and certainty to the post-trade lifecycle.
DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork.  When you join our team, you’ll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It’s the chance to make a difference at a company that’s truly one of a kind.

Learn more about Clearance and Settlement by clicking here.