This role is that of a Senior Cryptography Security Architect on the Security Architecture team. The role is responsible for the analysis, design, development and implementation of architectural deliverables, to include components of the assessment and optimization of system design and review of business requirements. They will lead determination of security requirements and alignment to information security policy. May be called upon to work with database, operations, technical support and other IT areas as well as GIS Solutions Architects as appropriate throughout the development and implementation processes. Serves as a technical security resource; provides technical knowledge and security capabilities as a team member and an individual contributor. Will not have direct reports but may influence and direct activities of a team related to special initiatives or operations. May provide input on staffing, budget and personnel. Typically 5 or more years of Information Security and IT experience.

Primary Level of Engagement: Works at the team level or program level. Is an individual contributor requiring little to no supervision. Can serve as a domain expert to mentor more junior team members. Is able to contribute to multiple projects.

Primary Interactions:

Product Owner

Development Lead

Project / Solution Architect

Scrum Master / Project Manager

Senior Engineer

Information Security Engineer

Architect Community of Practice

BISO

Key Responsibilities:

• Work across business and technology to create the solution intent and architectural vision and evolve it to align with GIS policy.
• Consult with the business regarding problems and technology to understand challenges and find secure solutions through their knowledge of the domain, practical experiments and Proof of Concepts (POCs).
• Lead rapid shaping of a high-level architecture with details filled in with emerging business requirements; ensure architecture is secure and designed to adapt easily.
• Utilize the defined best practices, templates and documentation to create architectural designs; suggest improvements to best practices and templates through practical knowledge.
• Work with Product Managers and Owners to plan and prioritize security-focused backlog items for the architecture runway to enable business epics and features.
• Clarify the architecture and assist with system design (where needed) for the development teams to support implementation, and provide solution options to resolve any architectural impediments.
• Perform design and code reviews to ensure all security requirements for a solution are sufficiently met (for example, confidentiality, integrity, and availability).
• Educate team members on the security principles, technology practices, standardization strategies and best practices to create secure solutions.

Required Skills:

• Working knowledge of asymmetric and symmetric key encryption
• Working knowledge of HSMs (Hardware Security Modules) on the market and respective interfaces (e.g., PKCS, KMIP)
• Ability to educate on primary encryption topics such as network layer encryption, application/data encryption, use of a MEK, DEK, key storage and management 
• Working knowledge of encryption solutions for public cloud providers (e.g., CloudHSM, Key Vault)
• Experience with secrets vaulting solutions, encryption-decryption products, identity protocols/frameworks
• Familiarity with leading algorithms and ciphers and ability identify insecure or archaic algorithms
• Strong desire to design new cryptographic solutions at enterprise scale 
• 5+ years of Information Security experience

Desired:

• Experience and knowledge of the Credit/Payment Card industry
• PCI DSS knowledge