The Director of Security Architecture will have the following responsibilities:
- Ability to act as a security design authority for all core infrastructure
- Optimize the strategy for Security Monitoring and Response & Cloud Identity and design the target state architecture, define the security roadmap, communicate and execute the strategy
- Building security roadmaps for new technologies that can be utilized on premises and in a hybrid cloud environment
- Creates Security Designs for the interim and target state for applications
- Execution of the Security Architecture framework
- Delivery of Security Specifications, Threat Models, Blueprints and patterns
- Ability to work across each of the security domains( Identity and Access Management, Network Security, Data Security, Monitoring and Security Operations)
- The ability to use adversary based threat modeling to yield designs that are as secure as possible
- Design, develop and optimize security capabilities to include Endpoint Monitoring, Network Monitoring, cloud Monitoring, Insider Threat monitoring, Email Monitoring and Fraud monitoring
- Responsibility for designing security for cloud integrations(e.g. IPaaS platforms, API)
Position Candidate Requirements:
- Minimum of 15 years of experience in information security field with experience in Security Architecture
- Expert Security Architecture background and proven primary experience in one of the key security domains (Monitoring, Network, Incident response, IAM, Operations)
- Experience in migrating large enterprises to hybrid and native cloud
- Ability to deliver analytical products to include Adversary based threat models, and risk analysis
- Experience in secure SaaS migrations
- Experience in Threat Modeling and demonstrate a capability to architect solutions to prevent threats as a design principal
- Ability to research, analyze and solve complex technical problems without supervision
- Expert level Visio experience
- Hands on security experience and infrastructure design experience in Azure, AWS or GCP
- Strong team player
- The ability to act as a trusted advisor to the business
- Strong presentation and communication skills
- Bachelor’s degree in Computer Science or Information Technology
- CISSP required
- CCSK, CCSP or OSCP preferred
- Experience with building use cases in Splunk preferred
- Understands how cyber-attacks are executed and can build architecture constructs to prevent attacks and enable real time detections
- Financial sector experience preferred
- The ability to think out of the box and to find threats and deliver mitigations through quantitative analysis
- Provides insights and direction to other team members on the nuances of technologies, architectures and analysis to support full stack security build out
- Prefer background in Threat Intelligence and a deep understanding of Threat Actors and TTPs and the ability to design for question based analysis to support investigations
- Experience using statistical analysis to quantify risk
- Communicate the security strategy and drive the consistency of application security principles to all stakeholders
- Knowledge of the MITRE ATT&CK Framework. Past experience conducting or leading incident response.
- Prior programming experience(e.g. Python,C++, Java)
At Voya, we have identified the following critical skills which are key to success in our culture:
- Customer Focused: Passionate drive to delight our customers and offer unique solutions that deliver on their expectations.
- Critical Thinking: Thoughtful process of analyzing data and problem solving data to reach a well-reasoned solution.
- Team Mentality: Partnering effectively to drive our culture and execute on our common goals.
- Business Acumen: Appreciation and understanding of the financial services industry in order to make sound business decisions.
- Learning Agility: Openness to new ways of thinking and acquiring new skills to retain a competitive advantage.