Are you ready to make an impact at DTCC?
Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.
Pay and Benefits:
- Competitive compensation, including base pay and annual incentive
- Comprehensive health and life insurance and well-being benefits, based on location
- Pension / Retirement benefits
- Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
- DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).
The impact you will have in this role:
As a PKI & Secrets Security Architect in the Cybersecurity Architecture Center of Excellence, your responsibilities include a comprehensive review of the existing public key infrastructure and secrets management capabilities for on-premises, client, and cloud. You will also inspire changes in existing control standards, create new IT security standards that are easily consumed by stakeholders, build specific security patterns & diagrams, and own the relevant 3-year capability roadmap. This role will be key in ensuring a Security-First demeanor during DTCC’s technology modernization journey.
Your Primary Responsibilities:
- Create and drive the internal and client PKI security and secrets management capability roadmap within information technology & the respective IT team members.
- Inspire change of control policies with Technology Risk Management & build positive relationships with IT Architecture & Application Development partners.
- Create IT security standards and drive best-practices which are easily consumed by IT team members.
- Own the enterprise-wide PKI architecture including HSMs – Hardware Security Modules, CAs – Certificate Authorities, CLM – Certificate Lifecycle Management.
- Proactively identify access management gaps and partner with app dev teams for remediation
- Design processes and workflows for generation, rotation and revoking certificates.
- Identify automation opportunities for certificate lifecycle.
- Act as the domain specialist to help guide and craft how certificate management services are enabled.
- Design new certificate management services, integrations, and technologies.
- Mentor junior security architects to improve their security and architecture skills within the team.
- Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.
- Craft white papers and present in industry conferences to present thought leadership in the security field.
- Align risk and control processes into day-to-day responsibilities to supervise and mitigate risk; calls out appropriately.
**NOTE: The Primary Responsibilities of this role are not limited to the details above. **
Qualifications:
- Minimum of 8 years of related experience
- Bachelor's degree and/or equivalent experience
Talents Needed for Success:
- Strong Information Security experience, specifically in PKI/Cryptography (on premise and cloud) & Secrets management.
- Solid working experience with certificate issuance ceremonies.
- In-depth knowledge of Certificate Lifecycle Management including certificate revocation list (CRLs) standard processes.
- Hands-on experience with 2+ vendors such as: Venafi, Hashicorp, Microsoft, Thales, Gemalto (SafeNet HSM), DigiCert, Hitachi (HiPAM).
- Experience in SSL certificate management concepts, processes, and solution management.
- Expertise with Online Certificate Status Protocol (OCSP) infrastructure, Hardware Security Modules (HSM), CMS Enterprise, Venafi Trust Protection Platform, and Venafi TrustNet software suites.
- Experience in building Certificate Policy (CP) and Certificate Practice Statements (CPS).
- Solid experience with Python, networking fundamentals, OS (Windows/Linux) security.
- Experience with Information Security frameworks (e.g. ISO 27001 and NIST) & security architecture frameworks.
- Deep technical writing skills to support required documentation.
- Demonstrated ability to collaborate between product management, engineering, risk, and IT teams.
- Has good communication skills with the ability to communicate in front of large audience.
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.