Job DescriptionThe Impact you will have in this role:Being a member of IT Cybersecurity and Platform Strategy team, you will lead the design, governance, and implementation of enterprise Zero Trust Network Access (ZTNA) and Secure Service Edge (SSE) capabilities. This role is a hybrid of architecture leadership, governance oversight, and hands-on technical engagement, supporting secure access modernization across a complex, regulated financial services environment.
YourPrimary Responsibilities:Architecture & Strategic Design - Define and maintain enterprise ZTNA and SSE target-state architectures, roadmaps, and transition strategies aligned with DTCC security principles.
- Establish and document Zero Trust architecture standards, including identity-centric access, least-privilege enforcement, continuous verification, and segmentation.
- Develop and maintain architecture artifacts, including:
- Reference architectures and solution patterns
- High-Level Designs (HLDs) and Low-Level Designs (LLDs)
- Architecture Decision Records (ADRs)
- Serve as the design authority for secure access and connectivity initiatives.
Governance, Risk & Control Alignment - Translate enterprise security, regulatory, and risk requirements into enforceable architectural guardrails for ZTNA/SSE platforms.
- Ensure access architectures support:
- Policy consistency and traceability
- Exception management and approvals
- Periodic access reviews and recertification
- Audit and regulatory evidence requirements
- Participate in architecture review boards, security design reviews, and governance forums as the ZTNA/SSE subject-matter expert.
Hands-On Technical Leadership - Lead and actively participate in:
- Platform design and configuration
- Proof-of-concepts and pilot implementations
- Migration initiatives (including VPN modernization)
- Architect and guide implementation of SSE capabilities, including:
- Zero Trust Network Access (ZTNA)
- Secure Web Gateway (SWG)
- Cloud Access Security Broker (CASB)
- Firewall-as-a-Service (FWaaS), where applicable
- Integration with Data Loss Prevention (DLP) services
- Design secure access models for:
- Workforce access to internal and cloud-hosted applications
- Third-party and vendor access
- Privileged and high-risk access scenarios
Multi-Vendor Platform Architecture - Design and maintain solutions across a multi-vendor ZTNA/SSE ecosystem, including:
- Zscaler
- Cisco security and secure access platforms
- Akamai enterprise access and edge security services
- Perform comparative technical evaluations and develop vendor-neutral architectural decision frameworks.
- Lead vendor engagements, technical deep dives, and roadmap assessments.
Operational Readiness & Continuous Improvement - Ensure operational integration with:
- SIEM/SOAR platforms
- Logging, telemetry, and monitoring systems
- Incident detection and response workflows
- Define and track access-related KPIs and metrics, including:
- Reduction in legacy VPN reliance
- Application onboarding progress to ZTNA
- Policy exception volumes
- Access anomaly detection and response effectiveness
- Drive continuous optimization of security posture, performance, and user experience.
**NOTE: The Primary Responsibilities of this role are not limited to the details above. **Qualifications: - Bachelors' Degree and/or equivalent experience
- 8+ years of experience in cybersecurity architecture, network security, or security engineering roles.
Talents Needed for Success: - Demonstrated experience designing and implementing Zero Trust architectures in large enterprise environments.
- Strong expertise in:
- Identity-based access controls (SSO, MFA, conditional access)
- Secure network and application connectivity concepts
- Hybrid and cloud-based access architectures
- Experience integrating ZTNA/SSE platforms with:
- Identity providers (e.g., Entra ID, Okta, Ping)
- SIEM/SOAR solutions
- Endpoint security and posture signals
- Ability to operate effectively across strategy, governance, and hands-on execution.
Preferred / Recommended Qualifications - Architecture and/or implementation experience with multiple of the following platforms:
- Zscaler
- Cisco security and networking platforms
- Akamai enterprise security and access solutions
- Familiarity with:
- Software-defined perimeter and segmentation strategies
- TLS inspection, certificate management, and privacy considerations
- SaaS governance and shadow IT risk controls
- Professional certifications such as CISSP, CCSP, GIAC, or relevant vendor certifications preferred.
Key Competencies - Enterprise security architecture and design
- Zero Trust and identity-centric access models
- Governance and control alignment
- Vendor and stakeholder management
- Technical depth with strong documentation discipline
- Clear communication across technical and non-technical audiences
Working Relationships
- Collaborates closely with Network Engineering, Identity & Access Management, Cloud Platforms, Endpoint Security, SOC, GRC, and Application teams.
- Provides architectural leadership and guidance across technology and risk organizations.
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.
Learn more about Clearance and Settlement by clicking here.