Dtcc
Principal Security Architect (Secrets Management)
Dtcc, Coppell, Texas, United States, 75019
Job Description
Are you ready to make an impact at DTCC?
Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.
Pay and Benefits:Competitive compensation, including base pay and annual incentiveComprehensive health and life insurance and well-being benefits, based on locationPension / Retirement benefitsPaid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).The impact you will have in this role:
As a PKI & Secrets Security Architect in the Cybersecurity Architecture Center of Excellence, your responsibilities include a comprehensive review of the existing public key infrastructure and secrets management capabilities for on-premises, client, and cloud. You will also inspire changes in existing control standards, create new IT security standards that are easily consumed by stakeholders, build specific security patterns & diagrams, and own the relevant 3-year capability roadmap. This role will be key in ensuring a Security-First demeanor during DTCC's technology modernization journey.
Your Primary Responsibilities:
Create and drive the internal and client PKI security and secrets management capability roadmap within information technology & the respective IT team members.Inspire change of control policies with Technology Risk Management & build positive relationships with IT Architecture & Application Development partners.Create IT security standards and drive best-practices which are easily consumed by IT team members.Own the enterprise-wide PKI architecture including HSMs - Hardware Security Modules, CAs - Certificate Authorities, CLM - Certificate Lifecycle Management.Proactively identify access management gaps and partner with app dev teams for remediationDesign processes and workflows for generation, rotation and revoking certificates.Identify automation opportunities for certificate lifecycle.Act as the domain specialist to help guide and craft how certificate management services are enabled.Design new certificate management services, integrations, and technologies.Mentor junior security architects to improve their security and architecture skills within the team.Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.Craft white papers and present in industry conferences to present thought leadership in the security field.Align risk and control processes into day-to-day responsibilities to supervise and mitigate risk; calls out appropriately.**NOTE: The Primary Responsibilities of this role are not limited to the details above. **
Qualifications:
Minimum of 8 years of related experienceBachelor's degree and/or equivalent experienceTalents Needed for Success:
Strong Information Security experience, specifically in PKI/Cryptography (on premise and cloud) & Secrets management.Solid working experience with certificate issuance ceremonies.In-depth knowledge of Certificate Lifecycle Management including certificate revocation list (CRLs) standard processes.Hands-on experience with 2+ vendors such as: Venafi, Hashicorp, Microsoft, Thales, Gemalto (SafeNet HSM), DigiCert, Hitachi (HiPAM).Experience in SSL certificate management concepts, processes, and solution management.Expertise with Online Certificate Status Protocol (OCSP) infrastructure, Hardware Security Modules (HSM), CMS Enterprise, Venafi Trust Protection Platform, and Venafi TrustNet software suites.Experience in building Certificate Policy (CP) and Certificate Practice Statements (CPS).Solid experience with Python, networking fundamentals, OS (Windows/Linux) security.Experience with Information Security frameworks (e.g. ISO 27001 and NIST) & security architecture frameworks.Deep technical writing skills to support required documentation.Demonstrated ability to collaborate between product management, engineering, risk, and IT teams.Has good communication skills with the ability to communicate in front of large audience.
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
About Us
DTCC safeguards the financial markets and helps them run efficiently, in times of prosperity and crisis. We are uniquely positioned at the center of global trading activity, processing over 100 million financial transactions every day, pioneering industry-wide, post-trade solutions and maintaining multiple data and operating centers worldwide. From where we stand, we can anticipate the industry's needs and we're working to continually improve the world's most resilient, secure and efficient market infrastructure. Our employees are driven to deliver innovative technologies that improve efficiency, lower cost and bring stability and certainty to the post-trade lifecycle.
DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you'll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It's the chance to make a difference at a company that's truly one of a kind.
Learn more about Clearance and Settlement by clicking here.
About the Team
IT Architecture and Enterprise Services are responsible for enabling digital transformation of DTCC. The group manages complexity of the technology landscape within DTCC and enhances agility, robustness and security of the technology footprint. It does so by serving as the focal point for all technology architectural activities in the organization as well as engineering a portfolio of foundational technology assets to enable our digital transformation.
Are you ready to make an impact at DTCC?
Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.
Pay and Benefits:Competitive compensation, including base pay and annual incentiveComprehensive health and life insurance and well-being benefits, based on locationPension / Retirement benefitsPaid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).The impact you will have in this role:
As a PKI & Secrets Security Architect in the Cybersecurity Architecture Center of Excellence, your responsibilities include a comprehensive review of the existing public key infrastructure and secrets management capabilities for on-premises, client, and cloud. You will also inspire changes in existing control standards, create new IT security standards that are easily consumed by stakeholders, build specific security patterns & diagrams, and own the relevant 3-year capability roadmap. This role will be key in ensuring a Security-First demeanor during DTCC's technology modernization journey.
Your Primary Responsibilities:
Create and drive the internal and client PKI security and secrets management capability roadmap within information technology & the respective IT team members.Inspire change of control policies with Technology Risk Management & build positive relationships with IT Architecture & Application Development partners.Create IT security standards and drive best-practices which are easily consumed by IT team members.Own the enterprise-wide PKI architecture including HSMs - Hardware Security Modules, CAs - Certificate Authorities, CLM - Certificate Lifecycle Management.Proactively identify access management gaps and partner with app dev teams for remediationDesign processes and workflows for generation, rotation and revoking certificates.Identify automation opportunities for certificate lifecycle.Act as the domain specialist to help guide and craft how certificate management services are enabled.Design new certificate management services, integrations, and technologies.Mentor junior security architects to improve their security and architecture skills within the team.Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.Craft white papers and present in industry conferences to present thought leadership in the security field.Align risk and control processes into day-to-day responsibilities to supervise and mitigate risk; calls out appropriately.**NOTE: The Primary Responsibilities of this role are not limited to the details above. **
Qualifications:
Minimum of 8 years of related experienceBachelor's degree and/or equivalent experienceTalents Needed for Success:
Strong Information Security experience, specifically in PKI/Cryptography (on premise and cloud) & Secrets management.Solid working experience with certificate issuance ceremonies.In-depth knowledge of Certificate Lifecycle Management including certificate revocation list (CRLs) standard processes.Hands-on experience with 2+ vendors such as: Venafi, Hashicorp, Microsoft, Thales, Gemalto (SafeNet HSM), DigiCert, Hitachi (HiPAM).Experience in SSL certificate management concepts, processes, and solution management.Expertise with Online Certificate Status Protocol (OCSP) infrastructure, Hardware Security Modules (HSM), CMS Enterprise, Venafi Trust Protection Platform, and Venafi TrustNet software suites.Experience in building Certificate Policy (CP) and Certificate Practice Statements (CPS).Solid experience with Python, networking fundamentals, OS (Windows/Linux) security.Experience with Information Security frameworks (e.g. ISO 27001 and NIST) & security architecture frameworks.Deep technical writing skills to support required documentation.Demonstrated ability to collaborate between product management, engineering, risk, and IT teams.Has good communication skills with the ability to communicate in front of large audience.
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
About Us
DTCC safeguards the financial markets and helps them run efficiently, in times of prosperity and crisis. We are uniquely positioned at the center of global trading activity, processing over 100 million financial transactions every day, pioneering industry-wide, post-trade solutions and maintaining multiple data and operating centers worldwide. From where we stand, we can anticipate the industry's needs and we're working to continually improve the world's most resilient, secure and efficient market infrastructure. Our employees are driven to deliver innovative technologies that improve efficiency, lower cost and bring stability and certainty to the post-trade lifecycle.
DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you'll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It's the chance to make a difference at a company that's truly one of a kind.
Learn more about Clearance and Settlement by clicking here.
About the Team
IT Architecture and Enterprise Services are responsible for enabling digital transformation of DTCC. The group manages complexity of the technology landscape within DTCC and enhances agility, robustness and security of the technology footprint. It does so by serving as the focal point for all technology architectural activities in the organization as well as engineering a portfolio of foundational technology assets to enable our digital transformation.