SUMMARY: The Enterprise Security Architect will play an integral role toward assisting in the establishment of the strategy and technical direction applied to ensure the Bank's data and applications remain secure. The role will be responsible for working with the Chief Information Security Office (CISO) and IT Risk teams to ensure that the Bank's technology platforms conform to disciplined, industry best practices for information security. In doing so the Enterprise Security Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. This highly visible position will be front and center as we work to continuously modernize our solutions and change the way we apply technology across our systems. The Enterprise Security Architect must possess both a deep and wide background in information security being applied across a wide breadth of technologies spanning solutions built in the cloud (such as AWS, Azure, and GCP), on SaaS/PaaS platforms (such as SalesForce and Office 365), and modern deployments on "open" technology stacks. As a key member of the architecture team, the Enterprise Security Architect should be comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties and special projects may be assigned.
Assists in the development and maintenance of a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
Assists in the development of security strategy plans and roadmaps based on sound enterprise architecture practices
Assists in the development and maintenance of security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
Assists in the baselining of security configuration standards for operating systems (e.g., OS hardening), network segmentation and identity and access management (IAM)
Assists in the development of standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria
Liaises with the vendor management (VM) team to conduct security assessments of prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data * Software as a service (SaaS) providers * Cloud/infrastructure as a service (IaaS) providers * Managed service providers (MSPs)
Evaluates the statements of work (SOWs) for these providers to ensure that adequate security protections are in place. Assesses the providers' audit reports (or alternative sources) for security-related deficiencies and required "user controls" and report any findings to the Chief Enterprise Architect, CISO, and vendor management teams
Collaborates with other security architects and security practitioners to share best practices and insights
Collaborates with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs
Participates in application and infrastructure projects to provide security-planning advice
Collaborates with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls
Validates IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
Coordinates with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO
Coordinates with the CDO and Information Security to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
Reviews security technologies, tools and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics
Gather and analyze requirements from product owners
Lead and mentor other team members
Foster development best practices within the team
Identify and drive process improvements
Facilitate communication with cross-functional groups
Work with the product organization to develop secure business requirements, develop the security architecture and integrate into the Bank's long term platform strategy
Stay up to date on new tools & techniques in the information security space
Conduct proof of concept activities with key business users in support of advanced use cases
Adheres to and complies with applicable, federal and state laws, regulations and guidance, including those related to anti-money laundering (i.e. Bank Secrecy Act, US PATRIOT Act, etc.).
Adheres to Bank policies and procedures and completes required training.
Identifies and reports suspicious activity.
EDUCATION
College degree or equivalent management/work experience (At least 10 years), which includes practical experience in Information Technology and IT Security Minimum 4 years' experience with cloud-based enterprise infrastructure architecture and/or operations required.
EXPERIENCE
Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF
Direct, hands-on experience or strong working knowledge of managing security infrastructure -- eg, firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology
3+ years experience - AWS cloud experience
3+ years experience - Cloud security architecture experience
Working knowledge of AWS cloud and 3rd party security controls and constructs:
Experience with SIEM monitoring & logging tools and architectures (Splunk, Sumo Logic, etc)
Experience with continuous cloud compliance tools and supporting architectures such as Redlock, Dome9, etc
Experience with data loss prevention methodologies/technologies in a cloud environment
Experience reviewing application code for security vulnerabilities
Direct, hands-on experience or a strong working knowledge of vulnerability management tools
Experience designing the deployment of applications and infrastructure into public cloud services
Direct experience designing IAM technologies and services:
Active Directory
Lightweight Directory Access Protocol (LDAP)
Amazon Web Service (AWS) IAM
Strong working knowledge of IT service management (eg, ITIL-related disciplines):
Change management
Configuration management
Asset management
Incident management
Problem management
Experience with the following Regulations, Standards and Frameworks:
Payment Card Industry Data Security Standard (PCI-DSS)
Sarbanes-Oxley
General Data Protection Regulation (GDPR)
Privacy Practices
CSA Framework
Strategic planning skills -- The Enterprise Security Architect must interpret business, technology and threat drivers, and develop practical security roadmaps to deal with these drivers
Communication skills -- The Enterprise Security Architect will be required to translate complex security-related matters into business terms that are readily understood by colleagues The security architect should anticipate presenting analyses in person and in written formats
Ability to stay composed in the face of opposition to architectural principles, governance and standards
Ability to work independently
Self-motivated
Strong customer service skills
BankUnited is an Affirmative Action and Equal Opportunity Employer. BankUnited does not discriminate against individuals on the basis of race, creed, color, gender, religion, national origin, age, disability, veteran status, pregnancy, marital status, citizenship status, sexual orientation, gender identity, genetic information, or any other classification protected by applicable laws.