Principal Enterprise Architect, NSEC CRYPT

Big Bank Funding. FinTech Thinking.

Join a digital-first bank that's powered by people. Our technology team builds innovative digital solutions rapidly and at scale to deliver the next generation of banking services for our customers around the world. Help shape the future of digital-first banking for our customers.

We are currently seeking an experienced professional to join our team in the role of Principal Enterprise Architect for Network Security, Cryptography, Data and Protective Security.

You'll partner with leaders across Technology to define the Network Security, Cryptography and Protective Security strategy that will define the future technology state to enable our business strategy. You'll manage the Network Security, Cryptography and Protective Security Architects to deliver the strategy, fostering an inclusive culture of collaboration, innovation, and excellence; whilst improving the customer experience.

You'll be responsible and accountable for directing the operation of the global architecture practice for Network Security, Cryptography and Protective Security, including design choices, ensuring they are aligned with group standards, and business strategy; meeting business objectives; and satisfy all relevant regulatory and operational risk controls.

You'll manage the Network Security, Cryptography and Protective Security functional areas, but also support the Cyber Risks and Controls, and Cyber Incident Management and response.

Principal responsibilities

Impact on the Business/Function

• Define, maintain, and own the Network Security, Cryptography, Data and Protective Security architecture strategy and roadmap, incorporating ZeroTrust as appropriate, ensuring alignment to other HSBC technology strategies and providing Design Authority sponsorship for major Network Security, Cryptography, Data and Protective Security initiatives across the Group.

• Provide assurance of the solutions designs produced within Cybersecurity and support the Engineering teams in the production of execution plans in executing the Strategies.

• Delivering strategic thought-leadership to the Cybersecurity Architecture Practice as well as across the Architecture and Cybersecurity functions through the production of architecture strategies for Network Security, Cryptography, Data and Protective Security and associated architecture artefacts (e.g. principles, standards, patterns and roadmaps) aligned to organisational needs and priorities.

• Introduce new practices, processes, operating model, techniques, products, services, technologies, and standards where needed against identified use cases, via the appropriate governance bodies and in collaboration with the Network Security, Cryptography, Data and Protective Security Engineering function.

Customers / Stakeholders

• Customer focused (primarily internal but with indirect external impacts): creates a customer-centric culture; sponsors and drives the development of a competitive, commercially attractive, and sustainable customer proposition. Builds sustainable customer strategies based on customer insight and regional markets .

• Builds and maintains strategic stakeholder relationships at all levels: across Global Businesses and Technology; and key strategic partnerships with third parties.

• Working alongside the CISO and the Cybersecurity executive team to drive strategic and investment planning ensuring alignment to our overall organisational strategy and priorities.

Leadership & Teamwork

• Enable the Cybersecurity Architecture organization to achieve business outcomes by empowering developers with world-class technology and practices. Adopt open source / inner sourcing for reuse, rendering standards and controls as code. Own the design authority for technology outcomes.

• Co-manage the Cybersecurity Architecture hiring strategy to ensure we are attracting, mentoring, and growing diverse high-performing architects and architectural talent.

• Create an architecture culture that fosters experimentation and learning; but also focuses on financial discipline, delivering on commitments, reducing of technical debt and appropriate risk management.

• Partnering with Cybersecurity Exco, Group Architecture Exco and our businesses to develop strategies and roadmaps for technology transformation and roadmaps to enable Business Strategies.

Operational Effectiveness & Control

• Ensure adherence to, and manage effectively against HSBC's Operational Risk Management Framework, HSBC's Controls, Functional Instruction Manual (FIM) and external regulatory requirements.

• Ensures Architecture adheres to ethical behaviour / HSBC's values.

• Build key relationships with Risk stewards, 2 nd and 3 rd line of defense (inc. Audit, Compliance and Regulatory Affairs) to ensure close and continuous management of strategic transformation.

• Manage architecture reviews through the appropriate governance mechanisms ensuring peer review of all activities.

• Ensure that any new technology products, as well as existing service patterns/deployment guides, are taken through the appropriate governance mechanisms.

Requirements

Skills and Required Qualifications:

• Demonstrate knowledge of financial services, with a particular focus on the implications of Network Security, Cryptography, Data and Protective Security for HSBC's three global businesses and supporting functions. Able to translate business needs into appropriate technology solutions.

• Extensive experience in senior Architecture / Cybersecurity roles within large scale, complex and international organisations.

• Knowledge of the external environment and drivers - regulatory, political, competitor and market.

• Experience of managing within a complex matrix environment, globally across cultures.

• Excellent people, communication and leadership skills and ability to establish effective collaborative relations with senior stakeholders across multiple functions.

• Proven track record driving complex enterprise-wide programmes critical to business performance.

• Experience in planning and managing significant expenditure in a complex organisation , with deep financial and commercial awareness.

Network Security

• Perimeter

o DDoS Protection; WAF; Network IPS / IDS; Botnet Protection

o Firewalls; ACLs; API Gateway Security

• Network Services

o Web Content Filtering (URL Categorisation, Anti-Malware)

o Email Security (Anti-Spam, Anti-Malware, Anti-Phishing, DLP)

• Network Segmentation

o Micro Segmentation (Host Isolation, Device Authentication & Authorization)

o Macro Segmentation (L3/L4 Traffic Filtering, Intrusion Detect/Prevent)

• Network Visibility

o Network Monitoring & Network Traffic analysis

• Network Access

o Network Admission Control (Posture Assessment, Device Authentication)

o Remote Access (VPN & Virtual Desktop)

Encryption

• Expert understanding of Symmetric (eg AES, RSA, Blowfish, Twofish) and Asymmetric Key Systems (eg RSA and ECC)

• Good understanding of NIST's Post-Quantum Cryptography Standardization: CRYSTALS-Kyber ( FIPS 203 ), CRYSTALS-Dilithium ( FIPS 204 ), SPHINCS+ ( FIPS 205 ) and FALCON

• Expert understanding of FIPS 140-3

• Expert understanding of enterprise key management and hardware security modules (HSMs)

Data Security

• Data Encryption and masking

• Discovery and Tagging of Structured and Unstructured data

• Securing Structured and Unstructured data in motion and at rest.

• Access Management and Monitoring of data access for both Structured and Unstructured data

• Data Loss Prevention

• Secure Data Destruction and Retention.

Protective Security

• Device Security Management

• Device Protection

• Device Integrity

• Incident Response

• Device Access Security

• Data Loss Prevention

• Deep knowledge across application, infrastructure, and data technologies enabling business outcomes.

• Expertise and knowledge of technology trends and how these can be leveraged by HSBC.

• Significant expertise in: APIs; Cloud computing (GCP and AWS); Event Streaming (Kafka); AI / Machine Learning / GenAI; Platform Engineering; and DevSecOps.

• Hands-on expertise of multiple coding languages e.g., Java, Python, Rust; & software development frameworks.

• Strong strategic thinking and problem-solving abilities with a track record of driving innovative technical solutions and continuous improvement.

• Experience of applying modern architecture: APIs, micro services, data foundation, advanced analytics / Machine Learning and directing Cloud provider capabilities.

• Recognised expertise through Industry qualifications such as CISSP, CISM, ISSAP, CCSP, etc., contributions in the scientific community, speaking experience, or contributions to the open source community.

This role is based in London / Hybrid.

Opening up a world of opportunity

Being open to different points of view is important for our business and the communities we serve. At HSBC, we're dedicated to creating diverse and inclusive workplaces. Our recruitment processes are accessible to everyone - no matter their gender, ethnicity, disability, religion, sexual orientation, or age.

We take pride in being part of the Disability Confident Scheme. This helps make sure you can be interviewed fairly if you have a disability, long term health condition, or are neurodiverse.

If you'd like to apply for one of our roles and need adjustments made, please get in touch with our Recruitment Helpdesk:

Email:
Telephone: