BankUnited
Enterprise Security Architect
BankUnited, Baltimore, Maryland, United States,
BankUnited
(NYSE: BKU) is a national bank headquartered in Miami Lakes, Florida with banking centers in Florida, the New York metropolitan area, Dallas and Atlanta. BankUnited has two subsidiaries, Pinnacle Public Finance headquartered in Scottsdale, Arizona and Bridge Funding Group headquartered in Hunt Valley, Maryland. We pride ourselves on our entrepreneurial and collaborative culture encompassing the best minds, the brightest talent and the boldest decision makers.BankUnited is honored to announce that we have been included on the Newsweek and Statista America’s Most Trusted Companies Award List!BankUnited has been recognized by Newsweek for two outstanding awards in 2023 as one of
America’s Greatest Workplaces
and as one of
America’s Greatest Workplaces for Job Starters
, which acknowledges our commitment to creating an exceptional workplace.Our CultureAt BankUnited, we foster a diverse and inclusive environment where all employees have the opportunity to advance, grow and achieve their goals. Our rally cry is to GO FOR MORE, a call to action to go above and beyond to provide the best customer experience to every client and to GO FOR MORE in your career.Why BankUnitedWorking for BankUnited offers you exciting challenges and opportunities to advance your professional development, while empowering you to deliver and be your best. We are happy to report the average tenure according to LinkedIn insights is 8.3 years. We strive to provide a competitive benefits plan to our employees and are proud to have been nationally ranked #1 as one of the 2023 Healthiest 100 Workplaces in America by Springbuk and awarded HEALTHIEST EMPLOYER by the South Florida Business Journal since 2020.As a company, we believe we are only as successful as our people and are committed to providing training and innovative resources that prepare you to reach your full potential. That's why in addition to tuition reimbursement, we provide our employees with exciting career coaching, courses and training through our own GO FOR MORE Academy and mentoring opportunities through our iCARE (Inclusive Community of Advocacy, Respect and Equality) program.At BankUnited, we strive to provide our employees with a work life balance. Specifically, retail branches operate 5 days a week Monday – Friday, excluding evening and/or weekend hours. For many of our positions, we offer a hybrid work environment, as well as a remote work environment for designated positions.If you thrive in a fast-paced collaborative work environment, Apply Now and start your journey with BankUnited today!Job DescriptionSUMMARY:
The Enterprise Security Architect will play an integral role toward assisting in the establishment of the strategy and technical direction applied to ensure the Bank's data and applications remain secure. The role will be responsible for working with the Chief Information Security Office (CISO) and IT Risk teams to ensure that the Bank's technology platforms conform to disciplined, industry best practices for information security. In doing so the Enterprise Security Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. This highly visible position will be front and center as we work to continuously modernize our solutions and change the way we apply technology across our systems. The Enterprise Security Architect must possess both a deep and wide background in information security being applied across a wide breadth of technologies spanning solutions built in the cloud (such as AWS, Azure, and GCP), on SaaS/PaaS platforms (such as SalesForce and Office 365), and modern deployments on "open" technology stacks. As a key member of the architecture team, the Enterprise Security Architect should be comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences.ESSENTIAL DUTIES AND RESPONSIBILITIES
include the following. Other duties and special projects may be assigned.Assists in the development and maintenance of a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.Assists in the development of security strategy plans and roadmaps based on sound enterprise architecture practices.Assists in the development and maintenance of security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.Assists in the baselining of security configuration standards for operating systems (e.g., OS hardening), network segmentation and identity and access management (IAM).Assists in the development of standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria.Liaises with the vendor management (VM) team to conduct security assessments of prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data.Evaluates the statements of work (SOWs) for these providers to ensure that adequate security protections are in place. Assesses the providers' audit reports (or alternative sources) for security-related deficiencies and required "user controls" and report any findings to the Chief Enterprise Architect, CISO, and vendor management teams.Collaborates with other security architects and security practitioners to share best practices and insights.Collaborates with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs.Participates in application and infrastructure projects to provide security-planning advice.Collaborates with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls.Validates IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.Coordinates with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO.Coordinates with the CDO and Information Security to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization).Reviews security technologies, tools and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics.Gather and analyze requirements from product owners.Lead and mentor other team members.Foster development best practices within the team.Identify and drive process improvements.Facilitate communication with cross-functional groups.Work with the product organization to develop secure business requirements, develop the security architecture and integrate into the Bank's long term platform strategy.Stay up to date on new tools & techniques in the information security space.Conduct proof of concept activities with key business users in support of advanced use cases.Adheres to and complies with applicable, federal and state laws, regulations and guidance, including those related to anti-money laundering (i.e. Bank Secrecy Act, US PATRIOT Act, etc.).Adheres to Bank policies and procedures and completes required training.Identifies and reports suspicious activity.EDUCATIONCollege degree or equivalent management/work experience (At least 10 years), which includes practical experience in Information Technology and IT Security. Minimum 4 years' experience with cloud-based enterprise infrastructure architecture and/or operations required.EXPERIENCEExperience in using architecture methodologies such as SABSA, Zachman and/or TOGAF.Direct, hands-on experience or strong working knowledge of managing security infrastructure -- eg, firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.3+ years experience - AWS cloud experience.3+ years experience - Cloud security architecture experience.Working knowledge of AWS cloud and 3rd party security controls and constructs:Experience with SIEM monitoring & logging tools and architectures (Splunk, Sumo Logic, etc).Experience with continuous cloud compliance tools and supporting architectures such as Redlock, Dome9, etc.Experience with AWS IAM (roles, permissions, etc).Experience with AWS Certificate Manager (ACM) (for security certificate issuance, etc).Experience with AWS WAF and external (Internet) facing systems security patterns.Experience with AWS encryption across various storage mediums (S3, EBS, etc).Experience with AWS Organizations and SCP policy concepts.Experience with 3rd party cloud network security tools such as Palo Alto firewalls.Experience with AWS native cloud network & security constructs such as security groups, NACLs, etc.Experience with data loss prevention methodologies/technologies in a cloud environment.Experience reviewing application code for security vulnerabilities.Direct, hands-on experience or a strong working knowledge of vulnerability management tools.Experience designing the deployment of applications and infrastructure into public cloud services.Direct experience designing IAM technologies and services:Active Directory.Lightweight Directory Access Protocol (LDAP).Amazon Web Service (AWS) IAM.Strong working knowledge of IT service management (eg, ITIL-related disciplines):Change management.Configuration management.Asset management.Incident management.Problem management.Experience with the following Regulations, Standards and Frameworks:Payment Card Industry Data Security Standard (PCI-DSS).Sarbanes-Oxley.General Data Protection Regulation (GDPR).Privacy Practices.CSA Framework.Strategic planning skills -- The Enterprise Security Architect must interpret business, technology and threat drivers, and develop practical security roadmaps to deal with these drivers.Communication skills -- The Enterprise Security Architect will be required to translate complex security-related matters into business terms that are readily understood by colleagues. The security architect should anticipate presenting analyses in person and in written formats.Ability to stay composed in the face of opposition to architectural principles, governance and standards.
#J-18808-Ljbffr
(NYSE: BKU) is a national bank headquartered in Miami Lakes, Florida with banking centers in Florida, the New York metropolitan area, Dallas and Atlanta. BankUnited has two subsidiaries, Pinnacle Public Finance headquartered in Scottsdale, Arizona and Bridge Funding Group headquartered in Hunt Valley, Maryland. We pride ourselves on our entrepreneurial and collaborative culture encompassing the best minds, the brightest talent and the boldest decision makers.BankUnited is honored to announce that we have been included on the Newsweek and Statista America’s Most Trusted Companies Award List!BankUnited has been recognized by Newsweek for two outstanding awards in 2023 as one of
America’s Greatest Workplaces
and as one of
America’s Greatest Workplaces for Job Starters
, which acknowledges our commitment to creating an exceptional workplace.Our CultureAt BankUnited, we foster a diverse and inclusive environment where all employees have the opportunity to advance, grow and achieve their goals. Our rally cry is to GO FOR MORE, a call to action to go above and beyond to provide the best customer experience to every client and to GO FOR MORE in your career.Why BankUnitedWorking for BankUnited offers you exciting challenges and opportunities to advance your professional development, while empowering you to deliver and be your best. We are happy to report the average tenure according to LinkedIn insights is 8.3 years. We strive to provide a competitive benefits plan to our employees and are proud to have been nationally ranked #1 as one of the 2023 Healthiest 100 Workplaces in America by Springbuk and awarded HEALTHIEST EMPLOYER by the South Florida Business Journal since 2020.As a company, we believe we are only as successful as our people and are committed to providing training and innovative resources that prepare you to reach your full potential. That's why in addition to tuition reimbursement, we provide our employees with exciting career coaching, courses and training through our own GO FOR MORE Academy and mentoring opportunities through our iCARE (Inclusive Community of Advocacy, Respect and Equality) program.At BankUnited, we strive to provide our employees with a work life balance. Specifically, retail branches operate 5 days a week Monday – Friday, excluding evening and/or weekend hours. For many of our positions, we offer a hybrid work environment, as well as a remote work environment for designated positions.If you thrive in a fast-paced collaborative work environment, Apply Now and start your journey with BankUnited today!Job DescriptionSUMMARY:
The Enterprise Security Architect will play an integral role toward assisting in the establishment of the strategy and technical direction applied to ensure the Bank's data and applications remain secure. The role will be responsible for working with the Chief Information Security Office (CISO) and IT Risk teams to ensure that the Bank's technology platforms conform to disciplined, industry best practices for information security. In doing so the Enterprise Security Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. This highly visible position will be front and center as we work to continuously modernize our solutions and change the way we apply technology across our systems. The Enterprise Security Architect must possess both a deep and wide background in information security being applied across a wide breadth of technologies spanning solutions built in the cloud (such as AWS, Azure, and GCP), on SaaS/PaaS platforms (such as SalesForce and Office 365), and modern deployments on "open" technology stacks. As a key member of the architecture team, the Enterprise Security Architect should be comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences.ESSENTIAL DUTIES AND RESPONSIBILITIES
include the following. Other duties and special projects may be assigned.Assists in the development and maintenance of a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.Assists in the development of security strategy plans and roadmaps based on sound enterprise architecture practices.Assists in the development and maintenance of security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.Assists in the baselining of security configuration standards for operating systems (e.g., OS hardening), network segmentation and identity and access management (IAM).Assists in the development of standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria.Liaises with the vendor management (VM) team to conduct security assessments of prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data.Evaluates the statements of work (SOWs) for these providers to ensure that adequate security protections are in place. Assesses the providers' audit reports (or alternative sources) for security-related deficiencies and required "user controls" and report any findings to the Chief Enterprise Architect, CISO, and vendor management teams.Collaborates with other security architects and security practitioners to share best practices and insights.Collaborates with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs.Participates in application and infrastructure projects to provide security-planning advice.Collaborates with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls.Validates IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.Coordinates with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO.Coordinates with the CDO and Information Security to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization).Reviews security technologies, tools and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics.Gather and analyze requirements from product owners.Lead and mentor other team members.Foster development best practices within the team.Identify and drive process improvements.Facilitate communication with cross-functional groups.Work with the product organization to develop secure business requirements, develop the security architecture and integrate into the Bank's long term platform strategy.Stay up to date on new tools & techniques in the information security space.Conduct proof of concept activities with key business users in support of advanced use cases.Adheres to and complies with applicable, federal and state laws, regulations and guidance, including those related to anti-money laundering (i.e. Bank Secrecy Act, US PATRIOT Act, etc.).Adheres to Bank policies and procedures and completes required training.Identifies and reports suspicious activity.EDUCATIONCollege degree or equivalent management/work experience (At least 10 years), which includes practical experience in Information Technology and IT Security. Minimum 4 years' experience with cloud-based enterprise infrastructure architecture and/or operations required.EXPERIENCEExperience in using architecture methodologies such as SABSA, Zachman and/or TOGAF.Direct, hands-on experience or strong working knowledge of managing security infrastructure -- eg, firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.3+ years experience - AWS cloud experience.3+ years experience - Cloud security architecture experience.Working knowledge of AWS cloud and 3rd party security controls and constructs:Experience with SIEM monitoring & logging tools and architectures (Splunk, Sumo Logic, etc).Experience with continuous cloud compliance tools and supporting architectures such as Redlock, Dome9, etc.Experience with AWS IAM (roles, permissions, etc).Experience with AWS Certificate Manager (ACM) (for security certificate issuance, etc).Experience with AWS WAF and external (Internet) facing systems security patterns.Experience with AWS encryption across various storage mediums (S3, EBS, etc).Experience with AWS Organizations and SCP policy concepts.Experience with 3rd party cloud network security tools such as Palo Alto firewalls.Experience with AWS native cloud network & security constructs such as security groups, NACLs, etc.Experience with data loss prevention methodologies/technologies in a cloud environment.Experience reviewing application code for security vulnerabilities.Direct, hands-on experience or a strong working knowledge of vulnerability management tools.Experience designing the deployment of applications and infrastructure into public cloud services.Direct experience designing IAM technologies and services:Active Directory.Lightweight Directory Access Protocol (LDAP).Amazon Web Service (AWS) IAM.Strong working knowledge of IT service management (eg, ITIL-related disciplines):Change management.Configuration management.Asset management.Incident management.Problem management.Experience with the following Regulations, Standards and Frameworks:Payment Card Industry Data Security Standard (PCI-DSS).Sarbanes-Oxley.General Data Protection Regulation (GDPR).Privacy Practices.CSA Framework.Strategic planning skills -- The Enterprise Security Architect must interpret business, technology and threat drivers, and develop practical security roadmaps to deal with these drivers.Communication skills -- The Enterprise Security Architect will be required to translate complex security-related matters into business terms that are readily understood by colleagues. The security architect should anticipate presenting analyses in person and in written formats.Ability to stay composed in the face of opposition to architectural principles, governance and standards.
#J-18808-Ljbffr