Information Security Architect

**The team**

The Information Security team at Schroders provide thought leadership on managing the information security threats and vulnerabilities to Schroders’ information assets and is the centre of excellence for advice and coordination. The team is comprising of various SME's in Technology Risk, Cybersecurity, Insider Security including Access and User Behaviour Management, Security Architecture and Information Risk.

**What you’ll do**

You’ll provide overall direction, lifecycle management and leadership for security architecture and technology. You’ll perform a lead role in various critical initiatives through the identification, analysis, evaluation, lifecycle management and adoption of security architectures and technologies. You’ll also work closely with other security functions and will provide guidance to ensure that there is coordination with their activities in technology choices. In addition, you’ll be involved with education and mentorship, supporting the delivery framework, development of technical architecture documentation, and advanced research topics.

**Key responsibilities include**:

- Leading and contributing to the security posture of Schroders networks and systems, data centre infrastructures, cloud architectures and solutions.
- Developing, contributing and management of security architecture specifications, security architecture analysis, threat-modelling, security requirements, security standards and design patterns, reference architectures, security strategies and roadmaps.
- Providing strategic points of view for security solutions and security industry events
- Developing and/or carrying out the strategic direction of security projects to enable execution of the information security strategy.
- Developing security solutions to enable execution of the long-term security architecture.
- Driving security technology evaluations and proof-of-concepts.
- Building strong cross-organizational relationships and effectively influencing staff across the IT organization and product teams.
- Managing lifecycle of security technologies.
- Working closely with the other technology architects to ensure that security is properly embedded in their technology domain architectures.
- Assisting other architects in peer reviews.
- Staying current with security technologies and making recommendations for use, based on business value.
- Advising leadership on Cybersecurity issues, systems, processes, products, and services.
- Maintaining oversight of the design and implementation of IT/business systems to ensure appropriate and effective security controls are included.
- Serving as a Cybersecurity expert to contribute to the definition of overall IT architecture.

**What you'll need**
- Minimum 3 years of experience as an information security architect
- Experience working in a large organisation or financial services
- Experience working on cloud architecture with knowledge on Azure or AWS services.
- Experience in cybersecurity architecture and designing on networks, data centre systems, cloud infrastructure and platforms (IaaS security, PaaS security).
- Experience in threat-modelling of complex systems.
- Experience in delivering comprehensive architecture specifications for security solutions.
- Experience with creating technical documentation, product documentation, technology and systems/network architecture and technical security standards.
- Experience working with security technologies, such as Firewalls, Intrusion Detection/Prevention Systems, Vulnerability Scanning, WAF, Wireless LAN, NAC, DLP, DDoS Mitigation, WAN security, SIEM, Content Filtering, Cloud Security gateways, Secure Proxies, and Crypto solutions.
- Experience working on Linux and Linux security
- Experience in speaking authoritatively to security principles in areas such as network, systems, virtualization, cloud technologies, access control and cryptography
- Experience in troubleshooting and resolving complex technical issues at Expert level.
- Experience integrating multiple vendor products.

**What would be good to have**
- Certifications in CISSP, SABSA, TOGAF, Aglie (SAFe) or GIAC DSA
- Experience and understanding of technology and enterprise security
- Knowledge of compliance, regulatory and legal requirements relevant to financial industry such as MAS, CSSF or FCA.
- Knowledge of relevant industry principles, best practices and standards such as NIST, ISO, CIS, OWASP, MITRE or CSA-CCM.
- Programming/coding and DevOps experience in Python, Ansible or Terraform

**What you'll be like**
- Experience in stakeholder engagement and ability to connect and communicate across all levels across the firm.
- Comfortable working across technology teams to identify, assess, track and close regional risks
- Passionate about developing a career in Information Security

**We're looking for the best, whoever they are**

Schroders is an equal opportunities employer. You're welcome here whatever your socio-economic bac