The Enterprise Security Architect will lead the architecture, design, and implementation of security infrastructure solutions and components that support the overall enterprise architecture and strategic directions. The Enterprise Security Architect provides consulting to product teams, product management, Technology, support and other organizations on proper security architecture to ensure the applications, systems and processes developed by these organizations are in line with Valley's architecture, security best practices, policies and standards.
Responsibilities include but are not limited to:
- Liaisons with security architects, technology and product architects to determine and develop application security approaches and solutions, conduct reviews, and document security architecture and implementation recommendations.
- Provides security architecture guidance and oversight to product architecture and processes.
- Identifies gaps in the Valley products and services strategy and implementation, and works with the security and technology teams to resolve these gaps.
- Analyzes emerging security threats and vulnerabilities, identifies gaps in existing and proposed architectures, and recommends changes or enhancements.
- Identifies enterprise wide application security standards, patterns, shared components and design architecture blueprints to ensure secure integration and exchange of data between applications, clients and partners. Maintains security artifacts (models, patterns, templates, etc.) that can be used/reused to leverage security capabilities in new initiatives and operations.
- Partners with the security and technology teams in the development of application and product security strategy, principles, best practices, standards, guidelines, and the design of blueprints to standardize shared security components and patterns.
- Researches and assesses new security technologies and participates in Proof of Concepts (POCs) to understand the impact of these technologies to Valley products.
- Expert knowledge in defining security architecture requirements, threat modeling and risk management.
- Expert knowledge of security architectural mechanisms, components and integration with technology components and operations.
- Strong knowledge of application security, web and application design, databases, operating systems, hypervisors, IP networks, microservices, container technology, system integration technologies and securing cloud-based applications.
- Excellent verbal and written communication skills.
- Strong interpersonal skills to facilitate building positive working relationships at all levels within the bank.
- Ability to handle multiple priorities simultaneously.
- Ability to delegate assignments and deal with "crisis-type" situations.
- Bachelor's degree in Cybersecurity, Computer Science, or related field and a minimum of 10 years' Information Technology experience with a minimum of 5 years' information systems security experience, or a High School diploma/GED and a minimum of 10 years' experience in information systems security and a certification (CISSP, CISM, GSEC or other relevant certification). Must have experience implementing SDN (software defined networking) and SDWAN.
- CISSP, CISM, GSEC or other relevant professional certifications preferred.