£20K/yr to £100K/yr
London, England
Permanent, Variable

Senior Security Specialist - Secure Design Architect

Posted by London Stock Exchange.

ABOUT US:

LSEG (London Stock Exchange Group) is more than a diversified global financial markets infrastructure and data business. We are dedicated, open-access partners with a commitment to excellence in delivering the services our customers expect from us. With extensive experience, deep knowledge and worldwide presence across financial markets, we enable businesses and economies around the world to fund innovation, manage risk and create jobs. It's how we've contributed to supporting the financial stability and growth of communities and economies globally for more than 300 years. Through a comprehensive suite of trusted financial market infrastructure services - and our open-access model - we provide the flexibility, stability and trust that enable our customers to pursue their ambitions with confidence and clarity.

LSEG is headquartered in the United Kingdom, with significant operations in 70 countries across EMEA, North America, Latin America and Asia Pacific. We employ 25,000 people globally, more than half located in Asia Pacific. LSEG's ticker symbol is LSEG.

OUR PEOPLE:

People are at the heart of what we do and drive the success of our business. Our culture of connecting, creating opportunity and delivering excellence shapes how we think, how we do things and how we help our people fulfil their potential. We embrace diversity and actively seek to attract individuals with unique backgrounds and perspectives. We break down barriers and encourage teamwork, enabling innovation and rapid development of solutions that make a difference. Our workplace generates an enriching and rewarding experience for our people and customers alike. Our vision is to build an inclusive culture in which everyone feels encouraged to fulfil their potential.

We know that real personal growth cannot be achieved by simply climbing a career ladder - which is why we encourage and enable a wealth of avenues and interesting opportunities for everyone to broaden and deepen their skills and expertise. As a global organisation spanning 70 countries and one rooted in a culture of growth, opportunity, diversity and innovation, LSEG is a place where everyone can grow, develop and fulfil their potential with meaningful careers.

WHAT YOU'LL BE DOING:

  • Develop Security Architecture Design Patterns and Standards to comply with group security requirements, industry standards, customer requirements, regulatory requirements and good practices.
  • Assist the development of and champion a Security Architecture control framework.
  • Research, design and document the security posture requirements and controls of new technology introduced into the Group. Engage with technology acquisition processes to ensure all new technology introduced is evaluated.
  • Research industry trends and regulatory requirements.
  • Contribute to the Security Architecture evaluation of risks identified in systems, including reviewing and proposing tactical and strategic remediation plans, and evaluating the cost / risk benefits of remediations.
  • Contribute to the adoption of secure by design practices, with technical delivery teams for both existing systems and new systems, e.g. use of internal or external guidance, leading Threat Modelling activity.
  • Nurture the use of secure technical practices to deliver technical excellence.
  • Support experimentation and innovation in solving problems.
  • Supervise third parties in their deliveries related to the domain area.
  • Provide company representation, internally and externally, related to information security, as needed.
  • Contribute to the use of metrics and their monitoring to report the effectiveness and efficiency of the Security Architecture function.
  • Contribute to the content and management of the Security Architecture intranet presence.

ROLE SUMMARY:

Team Responsibilities

None - individual contributor

Critical Deliverables

  • Contributing to the development and prioritisation of the security design pattern library
  • Developing and delivering security design patterns - individually or in conjunction with other teams, as necessary
  • Working with the neighbouring security teams and delivery projects to address emerging areas of secure design guidance and interventions
  • Contributing to security architecture interventions in business-specific process for acquiring and developing new technology
  • Contributing to the development and reporting of metrics for the Secure Design team, within the broader Security Architecture function

Impact

  • This is a group-wide role which is significant in the effective and efficient management of security risks associated with business technology systems.
  • The success of the post holder will be in balancing the major aspects of the role:
      • The ability to work effectively and pragmatically with project teams, to drive secure by design outcomes, while enabling projects to deliver.
      • Develop or refresh security architectural collateral - based on the planned and emerging needs of the business during project delivery, identifying gaps in security architecture collateral to be added to the security design pattern library.

Key Performance Indicators

  • Delivery of design patterns (timeframe from development initiation to substantive draft, through to general availability)
  • Successful outcomes from security architectural interventions with delivery projects

Functional knowledge and experience

  • 5+ years of increasing depth of expertise in technical engineering or information security roles, security architecture preferred.
  • Familiarity with enterprise architecture frameworks and their application
  • Familiarity with threat modelling / design pattern development
  • Experience in designing and applying security controls into distributed systems (on premises and cloud)
  • Understanding of the latest security principles, techniques and protocols
  • Critical, independent thinking
  • Problem solving skills, ability to work under pressure and able to work within broad direction
  • Good understanding of both common and emerging vulnerabilities including their manifestation in different architectures (web applications, thick clients, APIs, networked infrastructure, containerisation etc)
  • Familiarity with industry-standard guidance such as OWASP Top 10, SANS Top 25, NIST / CSC, CIS, NCSC etc.
  • Applied understanding of topics such as authentication, access control, encryption, cloud security, operating system security, network security, database security.
  • Experience of writing succinct, reader oriented, visually compelling documentation

Business a