DTCC

Cyber Security Architect - ZTNA

DTCC$120K — $150K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelors' Degree and/or equivalent experience
  • 8+ years in cybersecurity architecture, network security, or security engineering roles
  • Proven experience with Zero Trust architectures in large enterprises
  • Expertise in identity-based access controls, secure connectivity, hybrid and cloud architectures
  • Experience integrating ZTNA/SSE with identity providers and security solutions
  • Ability to navigate strategy, governance, and execution effectively

Responsibilities

  • Define and maintain enterprise ZTNA and SSE architectures and strategies
  • Establish documents for Zero Trust architecture standards
  • Develop architecture artifacts including reference architectures and HLDs
  • Serve as the design authority for secure access initiatives
  • Translate security and regulatory requirements into architectural guardrails
  • Participate in architecture reviews as a ZTNA/SSE expert
  • Lead platform design, proof-of-concepts, and migration initiatives

Benefits

  • Collaborative work environment with cross-functional teams
  • Opportunity to lead strategic security initiatives
  • Access to advanced tools and technologies in cybersecurity
  • Professional growth through continuous optimization and performance tracking
  • Engage in innovative projects within a regulated financial sector
Full Job Description
Job Description

The Impact you will have in this role:

Being a member of IT Cybersecurity and Platform Strategy team, you will lead the design, governance, and implementation of enterprise Zero Trust Network Access (ZTNA) and Secure Service Edge (SSE) capabilities. This role is a hybrid of architecture leadership, governance oversight, and hands-on technical engagement, supporting secure access modernization across a complex, regulated financial services environment.

YourPrimary Responsibilities:

Architecture & Strategic Design
  • Define and maintain enterprise ZTNA and SSE target-state architectures, roadmaps, and transition strategies aligned with DTCC security principles.
  • Establish and document Zero Trust architecture standards, including identity-centric access, least-privilege enforcement, continuous verification, and segmentation.
  • Develop and maintain architecture artifacts, including:
    • Reference architectures and solution patterns
    • High-Level Designs (HLDs) and Low-Level Designs (LLDs)
    • Architecture Decision Records (ADRs)
  • Serve as the design authority for secure access and connectivity initiatives.

Governance, Risk & Control Alignment
  • Translate enterprise security, regulatory, and risk requirements into enforceable architectural guardrails for ZTNA/SSE platforms.
  • Ensure access architectures support:
    • Policy consistency and traceability
    • Exception management and approvals
    • Periodic access reviews and recertification
    • Audit and regulatory evidence requirements
  • Participate in architecture review boards, security design reviews, and governance forums as the ZTNA/SSE subject-matter expert.

Hands-On Technical Leadership
  • Lead and actively participate in:
    • Platform design and configuration
    • Proof-of-concepts and pilot implementations
    • Migration initiatives (including VPN modernization)
  • Architect and guide implementation of SSE capabilities, including:
    • Zero Trust Network Access (ZTNA)
    • Secure Web Gateway (SWG)
    • Cloud Access Security Broker (CASB)
    • Firewall-as-a-Service (FWaaS), where applicable
    • Integration with Data Loss Prevention (DLP) services
  • Design secure access models for:
    • Workforce access to internal and cloud-hosted applications
    • Third-party and vendor access
    • Privileged and high-risk access scenarios

Multi-Vendor Platform Architecture
  • Design and maintain solutions across a multi-vendor ZTNA/SSE ecosystem, including:
    • Zscaler
    • Cisco security and secure access platforms
    • Akamai enterprise access and edge security services
  • Perform comparative technical evaluations and develop vendor-neutral architectural decision frameworks.
  • Lead vendor engagements, technical deep dives, and roadmap assessments.

Operational Readiness & Continuous Improvement
  • Ensure operational integration with:
    • SIEM/SOAR platforms
    • Logging, telemetry, and monitoring systems
    • Incident detection and response workflows
  • Define and track access-related KPIs and metrics, including:
    • Reduction in legacy VPN reliance
    • Application onboarding progress to ZTNA
    • Policy exception volumes
    • Access anomaly detection and response effectiveness
  • Drive continuous optimization of security posture, performance, and user experience.

**NOTE: The Primary Responsibilities of this role are not limited to the details above. **

Qualifications:
  • Bachelors' Degree and/or equivalent experience
  • 8+ years of experience in cybersecurity architecture, network security, or security engineering roles.

Talents Needed for Success:
  • Demonstrated experience designing and implementing Zero Trust architectures in large enterprise environments.
  • Strong expertise in:
    • Identity-based access controls (SSO, MFA, conditional access)
    • Secure network and application connectivity concepts
    • Hybrid and cloud-based access architectures
  • Experience integrating ZTNA/SSE platforms with:
    • Identity providers (e.g., Entra ID, Okta, Ping)
    • SIEM/SOAR solutions
    • Endpoint security and posture signals
  • Ability to operate effectively across strategy, governance, and hands-on execution.

Preferred / Recommended Qualifications
  • Architecture and/or implementation experience with multiple of the following platforms:
    • Zscaler
    • Cisco security and networking platforms
    • Akamai enterprise security and access solutions
  • Familiarity with:
    • Software-defined perimeter and segmentation strategies
    • TLS inspection, certificate management, and privacy considerations
    • SaaS governance and shadow IT risk controls
  • Professional certifications such as CISSP, CCSP, GIAC, or relevant vendor certifications preferred.

Key Competencies
  • Enterprise security architecture and design
  • Zero Trust and identity-centric access models
  • Governance and control alignment
  • Vendor and stakeholder management
  • Technical depth with strong documentation discipline
  • Clear communication across technical and non-technical audiences

Working Relationships
  • Collaborates closely with Network Engineering, Identity & Access Management, Cloud Platforms, Endpoint Security, SOC, GRC, and Application teams.
  • Provides architectural leadership and guidance across technology and risk organizations.


The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.

Learn more about Clearance and Settlement by clicking here.

About DTCC

The Depository Trust & Clearing Corporation (DTCC) is a financial services company that provides clearing, settlement, and information services for the global financial industry. DTCC was founded in 1999 and is headquartered in New York City. The company operates through subsidiaries that provide services such as trade matching, risk management, and asset servicing. DTCC is owned by its users, which include broker-dealers, banks, and other financial institutions. The company is committed to reducing risk and increasing efficiency in the financial markets.
Learn more about DTCC
Size
4,000 employees
Industry
Founded
1973

Similar Jobs

More Jobs at DTCC

More Information Technology Jobs

Find similar Cyber Security Architect - ZTNA jobs: