Job Title: Security Architect – Payments
Work Location: Hybrid – 2 days from the office (Swindon and London, UK&I)
Rate Payable to Contractors: £525 per day
Duration of Assignment: 6 months
Role Description:
As a Security Architect focusing on Payment systems, your primary responsibility will be to design, implement, and maintain robust security architectures for payment systems within a financial organization. This role involves ensuring the security of financial transactions, protecting sensitive data, and complying with industry regulations.
Key Responsibilities:
- Develop and implement comprehensive security strategies for payment system upgrades.
- Conduct thorough risk assessments to identify potential security threats and develop mitigation strategies.
- Create comprehensive threat models aligning with MITRE ATT&CK and STRIDE frameworks.
- Recommend the best controls and mitigations for potential vulnerabilities.
- Ensure designs comply with relevant regulations and standards, including GDPR, SOX, and PCI-DSS.
- Implement advanced encryption and access control mechanisms to safeguard data integrity and confidentiality.
- Collaborate with cross-functional teams to integrate security measures seamlessly with downstream systems.
- Ensure data at rest and in transit is encrypted using appropriate mechanisms.
- Communicate security risks and strategies effectively to stakeholders, including executive leadership and IT teams.
Key Skills, Knowledge, and Experience:
- Proven experience as a Security Architect working in a large, complex organization, ideally within a financially regulated enterprise (e.g., PCI compliance).
- Extensive experience in financial organizations.
- Expertise in developing bespoke threat models leveraging frameworks like MITRE ATT&CK and STRIDE.
- Proficiency in assessing Identity and Access Management (IAM) functions and associated risks during acquisition processes.
- Ability to understand and assess the security aspects of technical designs/solutions and constructively challenge to deliver better business and security outcomes.
- Strong knowledge of cryptography.
- Basic understanding of SAP architecture in finance is a plus.
Person Specification:
- Previous experience working in UK Financial Services or other highly regulated industries.
- Relevant professional qualifications (or working toward certification), such as CISM or CISSP.
- Familiarity with M&A processes and their unique security challenges.
- Knowledge and experience with PCI-DSS, including PCI-P qualification.
- Knowledge and experience with data privacy and GDPR.
- Experience with regulatory compliance frameworks specific to financial organizations.
- Excellent interpersonal and communication skills.
- Ability to work independently and collaboratively within a team.