Cloud Security Architect

Job Description

About the opportunityDepartment DescriptionThe Cybersecurity department is a part of the Global Technology function that provides IT services to the Fidelity International business, globally. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation.Cybersecurity is responsible for protecting the technology environment from internal and external security threats:

• Application Security (through secure coding practices, penetration testing, and developer training)
• Centralised Access Management working to principles of least privilege, access appropriate to role, and Role Based Access Control
• Infrastructure Security
• Security Architecture and Engineering
• Security Application Support
• Cyber Defence Operations (CDO)

Purpose of your roleThe Senior Cloud Security Architect works within the Security Architecture and Engineering team in the Cyber Security group. The Security Architect is the primary contact for AWS engagement, driving interaction with core stakeholders including Product Delivery teams, Cyber Security and Cloud Operations.The Security Architect is expected to be an expert in the implementation of workload within AWS in a secure and compliant manner and will provide strategic consultation on appropriate and secure AWS use. The Security Architect will drive engagement with Cloud Operations and Product Delivery teams to support the definition of security requirements for new services and refactored applications.The architect is expected to perform secure solution design, ensuring standardisation and consistency in the definition of security principles and ensuring that security is built in by design and complies with Fidelity International security requirements. The role requires the creation of a team and supporting engagement processes, standards and tools to underpin the growing adoption of cloud services, in a secure form.Key Responsibilities

• Delivering in collaboration with the product team and Cloud Operation team robust and innovative security architecture for AWS based workload deployments.
• Designing security in from the start and supporting the companies cloud first strategy.
• Creating, reviewing and enforcing security design patterns to support desired architecture.
• Empowering Product Teams and Cloud Operations to achieve secure delivery underpinning the Cloud First strategy.
• An AWS evangelist, passionate about driving innovation of security and IAAS environment.
• Responsible for defining how Fidelity will utilise AWS in a secure and compliant manner.
• Responsible for ensuring that all AWS security designs, blueprints and artefacts are maintained and adhere to good practice.
• Acting as a point of contact for AWS Security Architecture for other Technology teams within the organisation.
• Leading the assessment of AWS services and how they may be consumed in a financial services organisation globally.
• Responsible for identifying and recommending AWS component design changes to achieve compliance with security policies and the enterprise security architecture blueprints and roadmaps.

Experience and Qualifications Required

• Recent and detailed practical experience of designing security within Amazon AWS cloud services.
• Expert in the adoption of AWS services in a secure and compliant manner.
• Experience of application security within CI/CD pipeline and associated assurance tooling.
• Detailed in-depth application security architecture skills.
• In-depth knowledge of the OWASP top 10 vulnerabilities.
• Understanding of off-cloud technologies; storage, server, network, middleware etc and how they may interact in a hybrid cloud environment.
• Familiarity with NIST 800-53, Cloud Security Alliance and ISO27001 control frameworks.
• Working understanding of GDPR, FCA regulations, Privacy regulations and practices.
• Experience of platform and application layer encryption concepts and practices.
• Team player, collaborator and educator.
• Able to operate with autonomy and build relationships - become the go-to person.
• Ability to consume and define integration technology and patterns.
• Concise and effective communicator confident with presenting to audiences at all levels in an organisation and will mixed levels of technical understanding.
• Scrum/Kanban experience.

Qualifications/Certifications

• Undergraduate degree in a relevant technology field or significant relevant experience.
• Security accreditations such as CISM, CISSP or CISA by a recognised body are required.
• Cloud security certification such as CCSK or other relevant and recognised qualification desired.
• Certifications in AWS security and architecture practices desired.

About youAbout Fidelity InternationalFidelity International offers investment solutions and services and retirement expertise to more than 2.5 million customers globally. As a privately held, purpose-driven company with a 50-year heritage, we think generationally and invest for the long term. Operating in more than 25 countries and with $739.9 billion in total assets, our clients range from central banks, sovereign wealth funds, large corporates, financial institutions, insurers and wealth managers, to private individuals.Our Workplace & Personal Financial Health business provides individuals, advisers and employers with access to world-class investment choices, third-party solutions, administration services and pension guidance. Together with our Investment Solutions & Services business, we invest $567 billion on behalf of our clients. By combining our asset management expertise with our solutions for workplace and personal investing, we work together to build better financial futures.Our clients come from all walks of life and so do we. We are proud of our inclusive culture and encourage applications from the widest mix of talent, whatever your age, gender, ethnicity, sexual orientation, gender identity, social background and more.As a flexible employer, we trust our people to perform their role in the way that works best for them, our clients and our business. We are a disability-friendly company and would welcome a conversation with you if you feel you might benefit from any reasonable adjustments to perform to the best of your ability during the recruitment process and beyond. Data as at 31 March 2021. Read more at https://www.fidelityinternational.com/Applying to this Job Role: Please note you are only required to upload your CV/Resume to the application screen.,

Keyskills :
deliverycyber securitycloud securitysolution designapplication security architectureiso 27001central bankssiemit servicessecure codingoperation teamdocumentationhybrid cloudaaadata centernist 80053