Cyber Security - Secure Design Lead

  • Job
    Full-time
    Expert Level
  • Engineering
    IT & Cybersecurity
  • London

AI generated summary

  • You must have 10+ years in security roles, enterprise architecture, threat modeling, security controls for distributed systems, and familiarity with OWASP, SANS, cloud security, and managing teams.
  • You will lead a team in designing security architecture, manage risks, establish standards, engage with stakeholders, and ensure effective security practices while overseeing budget and metrics.

Requirements

  • 10+ years of increasing responsibility in technical engineering or information security roles, security architecture preferred.
  • Experience in enterprise architecture frameworks
  • Experience in threat modelling / design patterns
  • Proven experience in designing and applying security controls into distributed systems (on prem and cloud)
  • Thorough understanding of the latest security principles, techniques and protocols
  • Critical thinker
  • Self-starter with problem-solving skills and the ability to work under pressure
  • Deep understanding of common as well as emerging vulnerabilities and how they manifest in different types of applications (web applications, thick clients, APIs, etc)
  • Familiarity with OWASP Top 10, SANS Top 25, NIST / CSC, CIS etc.
  • Applied understanding of topics such as authentication, access control, encryption, cloud security, operating system security, network security, database security.
  • Familiarity with common Developer Tools (GitLab/Azure DevOps etc) and some experience with using YAML/Markdown/Terraform.
  • Preferred prior experience in the financial services and / or technology sector.
  • Preferred prior experience in a heavily regulated environment.
  • Experience in recruiting, supporting & managing specialist individual contributors in technology domains. Inspiring and empowering a team to own the delivery of outcomes.
  • Experience in managing remote and offshore team members
  • Must have a collaborative work style ensuring that stakeholders are engaged in decision making processes.
  • Highly adaptable and able to approach challenges differently in order to achieve goals.

Responsibilities

  • Lead and manage the Security Architecture - Design team – a team of technical professionals.
  • Chair the Security Architecture Design Forum
  • Design and publish Security Architecture Design Patterns and Standards to comply with group security requirements, industry standards, customer requirements, regulatory requirements and best practices.
  • Own, develop and champion a Security Architecture control framework.
  • Research, design and document the security posture requirements and controls of new technology introduced into the Group. Engage with technology acquisition processes to ensure all new technology introduced is evaluated. Research industry trends and regulatory requirements.
  • Own the Security Architecture evaluation of risks identified in systems, including reviewing and proposing tactical and strategic remediation plans, and evaluating the cost / risk benefits of remediations.
  • Consult with technical delivery teams, and champion the adoption of security design, for both existing systems and new systems.
  • Engage with the BISO and Solution Architects in the development of product-specific information security plans.
  • Nurture and enforce technical practices in order to deliver technical excellence.
  • Foster and support experimentation and innovation in solving problems
  • Manage third parties in their deliveries related to the domain area
  • Ensure finances for the team and any products or services are accurately budgeted for and managed.
  • Provide company representation, internally and externally, related to information security, as needed.
  • Establish metrics and monitoring to report the effectiveness and efficiency of the Security Architecture function.
  • Leader and manager of a team of Security Architects [FTE], as well as consulting / scaleout resource as needed.
  • Leadership / chair of group-wide initiatives and forums (e.g. Architecture Design Forum)
  • Ensure team has correct resources allocated to deliver.
  • Building the Security Architecture Design Team
  • Delivering the security design patterns, with full audit trail
  • Developing and maintaining the security architecture control framework.
  • Ensuring Security Architecture is built into group wide and business specific processes for acquiring and developing new technology, including developing any needed processes.
  • Developing and publishing core metrics for the security architecture team

FAQs

What is the main responsibility of the Secure Design Lead?

The main responsibility of the Secure Design Lead is to build and set the direction of the Security Architecture - Design team, ensuring the team's output meets security requirements and driving the adoption of security design into development projects.

Who does the Secure Design Lead report to?

The Secure Design Lead reports to the Director of Security Architecture.

What key relationships and committees is the Secure Design Lead involved with?

The Secure Design Lead is involved with the Security Domain Forum, CTO/Architecture Governance, Business Aligned Principal Security Architects, CyberSecurity Engineering, CyberSecurity Application Security Team, and Cloud Security Architecture.

What qualifications are necessary for this position?

Candidates should have 10+ years of experience in technical engineering or information security roles, preferably in security architecture, along with a comprehensive understanding of security principles, enterprise architecture frameworks, and experience in threat modeling.

What management responsibilities does the Secure Design Lead have?

The Secure Design Lead is responsible for leading and managing a team of security architects, chairing group-wide initiatives, ensuring the correct allocation of resources, and managing team finances.

What are some critical deliverables for this role?

Critical deliverables include building the Security Architecture Design Team, delivering security design patterns, maintaining the security architecture control framework, and developing metrics for the security architecture team.

What type of work environment does LSEG promote?

LSEG promotes a collaborative and creative culture that values individuality and encourages new ideas while committing to sustainability and driving economic growth.

What is expected in terms of team management?

The Secure Design Lead should inspire and empower the team to own the delivery of outcomes, manage remote and offshore team members, and engage stakeholders in decision-making processes.

Are there any specific metrics used to measure the team's effectiveness?

Yes, the Secure Design Lead will establish metrics to report on the effectiveness and efficiency of the Security Architecture function, including delivery pace of design patterns and security risk metrics.

Is there a focus on diversity and inclusion within the company?

Yes, LSEG is proud to be an equal opportunities employer and values diversity, ensuring there is no discrimination based on race, religion, gender, and other protected characteristics.

Industry: Finance
Employees: 10,001+

Mission & Purpose

LSEG (London Stock Exchange Group) is a diversified international markets infrastructure business, earning our clients’ trust for over 300 years. That legacy of customer-focused excellence ensures that you can rely on our expertise in capital formation, intellectual property and risk and balance sheet management. As global leaders in financial indexing, benchmarking and analytic services, we offer unrivalled access to international capital markets. Our high-performance technology solutions enable companies worldwide to access funds for growth and development. And with our Data & Analytics, Capital Markets and Post Trade divisions, we provide a comprehensive, integrated suite of trusted financial market infrastructure services that help our customers pursue—and achieve—their ambitions. You can count on our open access model for unparalleled partnership, flexibility, stability, and support across all of our businesses. That’s how we make a difference, ensuring people can meet their potential, worldwide.