GCP Principal Security Architect in London

GCP Principal Security Architect 

HSBC is one of the world’s largest banking and financial services organisations.

Security Architecture helps HSBC to deliver at pace, securely. We are modernising and simplifying our software architecture landscape, continuously re-examining legacy stacks and migrating them, whilst ensuring all new build is arriving in our reference architecture which keeps pace with industry.

Our Security Architects are hands-on enablers, advisors and accelerators. With our help, the business is more resilient, and the bank operates with lower risk. We lead security innovation and work with industry leaders to transform our security capabilities.

Within cloud security, we have various platforms that support security controls and capabilities for the bank, enabling movement of applications, data to the platforms securely is the mission of cloud security. We are looking for a senior leader to work within cloud security to help set the vision and direction, and advise our global businesses, functions and innovate to aid this mission.

Purpose of the Role

The Principal Security Architect is a senior leader within enterprise security focusing on one or more of the following:

• Setting the strategic vision and direction for HSBC Security Architecture, and helping HSBC to get to the target future state.
• Being a trusted security consultant and advisor for our global businesses and Functions, helping project teams in delivering secure designs and solutions.
• Innovating within the cyber security architecture space, by using data and analytics to build next generation cyber solutions.

This role carries out the following activities in the context of Security Architecture:

• Lead and own the development of architecture strategy, and collaborate on and introduce practices, processes, operating model, techniques, products, services, technologies and standards.
• Collaborate with the business to understand their requirements, threats and risks in protecting business traffic and endpoints and with vendors to understand their offerings fully.
• Build appropriate reference architecture artifacts, understanding security technology inventory.
• Support technical design authorities and architecture review groups in taking key strategic decisions.
• Stay abreast of technology trends in their area of expertiese and wider security context and advise technology and the business about potential benefits/impacts.
• Develop a deep understanding of the various platforms that support cloud security controls and capabilities for the bank.
• Identify, deliver, and document the required artifacts to enable movement of applications and data to the cloud securely. This includes understanding security requirements, cloud services and products awareness, solution architecture design, and review and working with the cybersecurity organization to streamline governance.
• Hands-on, direct interaction with the engineering and application development teams and providing leadership to drive alignment on security requirements, influence decision makers, build relationships, and communicate strategy and architecture to the broader internal community. Be able to influence and work collaboratively to guide the developers, engineers and architects to deliver applications into the cloud securely and using reusable patterns.
• Provide detailed understanding of cloud security and cloud infrastructure services, threat landscape and attack scenarios and risks.
• Possess significant breadth across other disciplines (e.g., enterprise security architecture, compute services, storage, large-scale networking, virtualization, data center, integration architecture (API), orchestration technologies. (Kubernetes, Docker, open stack), systems resiliency, service support, Secure application development lifecycle management (DevSecOps), and service delivery
• Work with the Enterprise cloud security architects to produce secure standards for cloud services/products that require approval for use and follow the necessary governance processes and access the security posture of proposed solutions.
• Undertake cloud service (e.g. BigQuery) security risk assessments, identifying potential vulnerabilities and threat scenarios and defining and documenting relevant technical controls to mitigate those threats (in HSBC the “Security Control Documents”).
• Work on aligning strategic tooling with the necessary cloud security controls.

• To be successful in this role, the candidate will be knowledgeable across all these areas, and competent in some of these specifics:

• Able to work in an environment that embraces diversity.
• Be willing to push the bounds of the security industry and security norms.
• Dedication to life long learning.

Technical Skills

• Evidence of hands on experience and practical knowledge in their domain and other relevant domains.
• Broad knowledge of security across other domains including Data, App Sec, infrastructure and network security, software vulnerabilities.
• Strong understanding and application of tools, technologies, practices and methods used to provide internal and external security assessments, standards and controls across cloud environments (AWS, GCP, Azure and Ali Cloud).
• Evidence of embedding cloud security standards and controls across an enterprise e.g. engineering and application development using DevSecOps philosophy.
• Excellent command of cybersecurity organization practices, operations risk management processes, architectural requirements, threat modelling, engineering threats and vulnerabilities, including incident response methodologies.
• Understanding of privileged access management (PAM) and identity management (IAM) on Cloud.
• Experience and knowledge of securing Kubernetes, container and serverless cloud technologies.
• Ability to produce hardened configuration standards for cloud services.
• Experience with one or more general purpose programming languages including but not limited to: Java, C/C++, Python, JavaScript.
• Experience with IaC scripting languages is required – Terraform/Ansible.
• A proven track record working within an enterprise scale organisation.
• Keen understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity.
• Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation.
• Dev-ops and application security, data security experience and solution architecture skills required.

Soft Skills

• Ability to mentor and lead the delivery of complex change which improves business effectiveness in sustainable ways.
• Proven experience of leading others and creating an environment that supports and inspires people to develop and deliver.
• Excellent written and spoken communication skills with experience of successfully influencing others, negotiating effectively and winning over audiences with compelling and persuasive presentations.
• A track record of making complex business decisions with authority, even in times of ambiguity, considering the potential long term risks and implications.
• Organise, facilitate workshops with diverse stakeholders, negotiating differences, growing shared understanding, building consensus, reaching targeted outcomes for strategy, roadmaps, implementation plans.
• A growth mindset, embracing agile principles and exemplifying them in all interactions. Able to navigate and bridge centralised control mindsets and decentralised control mindsets. Building solution focused, collaborative non-departmental team cultures.

• Modern Software Engineering

• Frameworks: Scrum, Kanban, XP, DevOps, Lean

• Industry Experience and Qualifications

• University degree, Masters or PhD in computer science, engineering, or IT (or equivalent technical knowledge).
• 5+ years of experience leading teams of subject matter experts, engineers or architects.
• Recognised expertise through Industry qualifications such as AWS certification, Google certified cloud architect certification, CISSP, CISM, ISSAP, CCSP, etc., contributions in the scientific community, speaking experience, or contributions to the open source community.

Come Power a Business that Defines How to Power the World

As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of ethnicity, religion, age, physical or mental disability/long term health condition, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by local law in the jurisdictions in which we operate. Within the work place you will have access to various employee resource groups which aim to promote and achieve a healthy work / life balance and support our diversity ambitions.  HSBC has in place processes in order to avoid nepotism, which means to avoid creating circumstances in which the appearance or possibility of conflicts of interest may exist within the hiring process.

 We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies.

 As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK-based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.

 Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

 Recruitment Helpdesk:

Email:  

Tel: +44 (0) 207 832 8500