Vice President, Technology Control Management I

• Technology leadership in carrying out risk assessment exercises designed to highlight and clearly articulate IT Security risk to the business in terms they understand
• Reviewing technical security measures employed in business systems, identifying technical and information security risks, managing suitable risk registers and driving agreed risk resolution
• Establishing and maintaining a suitable framework of policies, and ensuring processes defined and followed deliver suitable security
• Leading the supplier assurance process from an IT security perspective to ensure suppliers and products are fit for purpose and comply with minimum security requirements
• Lead and support the execution of 3rd party penetration testing across the business enterprise
• Respond to and support internal and external audit exercises by articulating architectures, describing operational security processes and collecting evidence
• Provide regular MI to senior management through established reporting cycles
• Manage cross platform IT Security Risk Registers and resolution of identified risks
• Understanding of the technical security measures required for enterprise IT environments as described above with an appreciation for the fundamental defense in depth and zero trust approaches to IT security
• Working with multiple cloud-based solution providers and strong understanding of the security risks associated with cloud-based SaaS, PaaS and IaaS service providers
• Ability to define explicit security requirements commensurate with the overall risk of the project to delivery team and its stakeholders during early engagement
• Developing qualitative and quantitative comparative analysis metrics when considering multiple security products or vendors
• Successfully working within regulated industries and responding to their authoritative agencies
• Full understanding of several industry recognized best practices for deployment of technical security controls and associated processes
• Defining architectural principles, design patterns and standards for IT security

• Proven technology leadership of maturing cyber security capabilities, technology mentor and leader to a diverse set of teams.
• Experience with Cyber Security controls in a range of technical environments.
• Understanding of the technical security measures required for enterprise IT environments as described above with an appreciation for the fundamental defense in depth and zero trust approaches to IT security.
• Structured approach to identification, prioritization of threats and vulnerabilities, scoping and remediation work.
• Strong understanding of security threats, attack vectors, and mitigation techniques
• Knowledge of secure design patterns, cryptography, and access control models
• Deep technical knowledge of web related technologies such Web applications, Web Services and REST-based Service Architectures and of network/web related protocols.
• Experience with industry-standard threat modelling frameworks, such as STRIDE, DREAD, or PASTA.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
• Proficiency in creating and interpreting technical documentation, including data flow diagrams and use case diagrams.
• Familiarity with security standards and regulations such as ISO 27001, NIST, MITRE, CIS and GDPR.
• Ability to make best use of available resources and identify where external or 3 rd party resources are required.
• Familiarity with technology operations and change management
• Familiarity with project development and S-SDLC.
• Keeps updated on technologies, industry practices and services.
• Deals confidently with conflict, able to maintain a strong professional relationship whilst resolving difficult problems.
• Ability to match available technical solutions to business requirements
• Ability to think on the fly and adapt solutions to meet urgent requirements should they arise.
• Self-Confident and Robust
• Strong problem-solving and trouble-shooting skills
• Self-motivated and possessing of a high sense of urgency and personal integrity
• Demonstrated experience and success in similar security architect roles in highly regulated industry (e.g., financial services industry)
• Degree in Computer Science, Cyber Security or a related field backed by equivalent work or education-related experience.
• Minimum of 8 years of experience in cyber security architecture, design, threat modelling, secure software development, and application security.
• Proven experience of technology leadership and guidance and helping lead the teams from a technical perspective.
• Industry-recognized certifications, such as CISSP, CISM, or CSSLP, are preferred.

Preferred additional skills

• Familiar with containerization including building secure container images, monitoring and security tooling for CI/CD pipelines such as GitHub Enterprise, TeamCity, Aqua Security, SonarQube and orchestration at scale such as Kubernetes and Azure Kubernetes Service
• Familiar with IT Security standards and industry recognized guidelines such as CIS and OWASP
• Familiar with Cloud secrets management such as Cloud vaults, key management & rotation, MFA, HSM s.
• Familiar with agile methodologies and Dev SecOps processes.

• America s Most Innovative Companies, Fortune, 2024
• World s Most Admired Companies, Fortune 2024
• Human Rights Campaign Foundation, Corporate Equality Index, 100% score, 2023-2024
• Best Places to Work for Disability Inclusion , Disability: IN - 100% score, 2023-2024
• Most Just Companies , Just Capital and CNBC, 2024
• Dow Jones Sustainability Indices, Top performing company for Sustainability, 2024
• Bloomberg s Gender Equality Index (GEI), 2023