Job Title: Security Architect – Mortgages
Work Location: Hybrid – 2 days from the office (Swindon and London, UK&I)
Rate Payable to Contractors: £525 per day
Duration of Assignment: 6 months
Role Description: As a Security Architect focusing on Mortgage systems, your primary responsibility will be to design, implement, and maintain robust security architectures for mortgage-related systems within a financial organization.
This role involves ensuring the security of sensitive data, protecting transactions, and complying with industry regulations.
Key Responsibilities:
Develop and implement comprehensive security strategies for Mortgage System upgrades.
Conduct thorough risk assessments to identify potential security threats and develop mitigation strategies.
Create comprehensive threat models aligning with MITRE ATT&CK and STRIDE frameworks.
Recommend the best controls and mitigations for potential vulnerabilities.
Ensure designs comply with relevant regulations and standards, including GDPR, SOX, and PCI-DSS.
Implement advanced encryption and access control mechanisms to safeguard data integrity and confidentiality.
Implement Cloud Security controls using firewalls and leverage Microsoft Defender for Cloud capabilities in the security design.
Ensure data at rest and in transit is encrypted using appropriate mechanisms.
Communicate security risks and strategies effectively to stakeholders, including executive leadership and IT teams.
Key Skills, Knowledge, and Experience:
Proven experience as a Security Architect working in a large, complex organization, ideally within a financially regulated enterprise (e.g., PCI compliance).
Extensive experience in financial organizations.
Expertise in developing bespoke threat models leveraging frameworks like MITRE ATT&CK and STRIDE.
Proficiency in assessing Identity and Access Management (IAM) functions and associated risks during acquisition processes.
Ability to understand and assess the security aspects of technical designs/solutions and constructively challenge to deliver better business and security outcomes.
Strong knowledge of cryptography.
Familiarity with Microsoft Defender for Cloud.
Basic understanding of Mortgage systems in finance is a plus.
Person Specification:
Previous experience working in UK Financial Services or other highly regulated industries.
Relevant professional qualifications (or working toward certification), such as CISM or CISSP.
Knowledge and experience with PCI-DSS, including PCI-P qualification.
Knowledge and experience with data privacy and GDPR.
Experience with regulatory compliance frameworks specific to financial organizations.
Excellent interpersonal and communication skills.
Ability to work independently and collaboratively within a team.