Security Architect

Company Description

Fund services | Corporate | Capital markets | Private client | Regulatory & Compliance 

We help clients succeed by unlocking new value through expertise, trust and scale. We deliver solutions that solve complex challenges faced by asset managers, financial institutions, corporates, high net-worth individuals and family offices. 

With a curious mindset, we ask the right questions to get to the right solution, faster. We collaborate to win together, sharing successes and shaping the future of our global business. Our culture of support and recognition provides the tools and opportunities for you to grow, while unlocking the most value for our clients and making your mark with Ocorian. 

Expertise: We deliver specialist, tech-enabled solutions for our clients grounded on deep industry expertise. 

Trust: We’re a trusted partner to over 8,000 clients globally. We are proud to have long-lasting partnerships with our clients. 

Scale: With more than 1,500 colleagues, we operate across 20+ countries, our scale enables us to support our clients globally and locally, providing a seamless client experience across borders and service lines. 

Job Description

Purpose of the Job

Reporting to CISO; the Security Architect is responsible for designing, implementing, and maintaining the security architecture of our organization. You will work closely with cross-functional teams to identify security requirements, assess current systems, and develop comprehensive security solutions to safeguard our assets. The ideal candidate will possess a strong background in information security, a deep understanding of emerging threats, and a proven track record of implementing effective security measures.

Main Responsibilities

• Security Architecture Design: Develop and maintain the overall security architecture framework, ensuring alignment with business objectives and regulatory requirements.
• Risk Assessment: Conduct regular risk assessments and vulnerability analyses to identify potential security weaknesses and recommend mitigating controls.
• Security Policies and Procedures: Establish and enforce security policies, standards, and procedures to maintain the confidentiality, integrity, and availability of assets.
• Technology Evaluation: Evaluate new security technologies and products, making recommendations for their integration into existing systems to enhance overall security posture.
• Incident Response Planning: Develop incident response plans and lead incident response efforts in the event of security breaches or incidents.
• Security Awareness and Training: Provide security awareness training to employees and promote a culture of security awareness throughout the organization.
• Compliance and Audit Support: Ensure compliance with relevant regulations and standards (e.g., GDPR, ISO 27001) and support internal and external audits as needed.
• Security Governance: Collaborate with key stakeholders to establish and maintain effective security governance processes and structures.
• Security Testing and Assessment: Coordinate and oversee security testing activities, including penetration testing, vulnerability scanning, and security assessments.
• Participate in designated projects and business initiatives as the security subject matter expert.
• Review and uncover new and evolving threats and report these to Infosec with appropriate plans for combating such threats

Qualifications

Experience, Skills & Experience

Preferred experience in some of the following areas:

• Identity and Access Management
• Application Security, cryptography, and protocols
• Secure System Development Live Cycle
• Security Incident Management and monitoring
• Security Operations, and Cyber Security
• Vulnerability management and penetration testing
• Information Security Management, Risk Management, and Asset Security
• Computer, IT Security, Network Security, and Cloud Security
• Security standards, laws, and compliance
• Experience in implementing security controls to improve system/platform overall security.
• Knowledge and experience with identifying and understanding the most common application security vulnerabilities (OWASP Top 10)
• Ability to work independently and pro-actively contribute to a global team environment.
• Excellent interpersonal, communication and presenting skills; able to concisely communicate security risks to both technical and business audiences

"Nice to have" experience in:

• Digital Transformation Programmes
• Agile Methodology
• JAVA, .NET, PHP, Ruby, Perl, Python and/or C/C++ experience
• Industry certification from vendors: ISC2, ISACA, GIAC, EC-Council, CompTIA, ITIL, Comptia Security +
• Knowledge in Risk and Compliance Management, Operational Models, Business Continuity Plan, Disaster Recovery Plan

Additional Information

All staff are expected to embody our core values that underpin everything that we do and that reflect the skills and behaviours we all need to be successful.  These are:

• We are CLIENT CENTRIC – Clients are at the centre of our world, and we’re committed to providing expertise and specialist solutions to meet their most complex challenges.
• We are AMBITIOUS – We aim high. We think and act globally, seizing every opportunity to delight our clients and support our colleagues - wherever in the world they may be.
• We are AGILE – We act on our initiative to get things done for our clients. Our independence gives us the flexibility and freedom to keep things simple, efficient and effective.
• We are COLLABORATIVE – With a curious mindset, we ask the right questions to get to the right solution, for our clients faster. We collaborate to win together and share our successes.
• We are ETHICAL – We behave with integrity at all times and assume positive intent, building trust through responsible actions and honest relationships.