Overview

Permanent, full-time, hybrid

StoneX’s information security teams hold at bay the forces of evil that want to infiltrate our systems, steal our customers’ data, and extort money from our shareholders. As a Cyber Security Architect, you will be a senior member of the blue team, working closely with business leaders, technology leaders, and your peers to implement secure, scalable, resilient, and business-enabling security systems.

This job might be for you if:
You enjoy solving problems. You love taking on difficult challenges and finding creative solutions. You don’t get flustered easily. If you don’t know the answer, you’ll dig until you find it.
You like helping people. You get a kick out of getting people to those aha! moments. You are patient, level-headed, and cool under pressure. Teaching someone something new makes you feel warm and fuzzy inside.
You pay attention to details. As far as you’re concerned, anything worth doing is worth doing right, every single time. You stay focused, and nothing falls through the cracks on your watch.
You think on your feet. You like learning new things, and you can learn quickly. When things change, you know how to roll with the punches.
You communicate clearly. You write well. You speak eloquently. You can explain just about anything to anyone, and you’re comfortable communicating in writing, via teleconference, and in front of small to medium groups.
You are motivated and driven. You volunteer for new challenges without waiting to be asked. You’re going to take ownership of the time you spend with us and truly make a difference.
Working with application, security, and infrastructure teams to evaluate, design, and implement secure, enterprise class systems.
Acting as a trusted liaison between business teams and Cybersecurity: engaging with business partners as a trusted security advisor, understanding business vision and needs, and defining an appropriate security architecture that meets enterprise requirements.
Leading a cross team architecture review/design session.
Presenting a security initiative to our Architecture Review Team.
Writing documentation around security standards and frameworks, and ensuring that they align with overall business and technology strategy.
Developing a security architecture roadmap based on the NIST CSF, CIS Top 20, and global regulatory requirements.
Mentoring a Jr. Engineer / Analyst through a project or problem.
Assisting with remediation of a security incident.
Collecting and reporting divisional cybersecurity metrics.
Communicate cybersecurity requirements and governance to business units and Cybersecurity leadership.
Actively engage in project activities and change management.
Conduct industry research and maintain up-to-date knowledge related to cybersecurity threats and emerging risks and changes in law / industry mandates.
Assist and conduct cybersecurity assessments.
Risk Mitigation and compliance activities.
Strong knowledge of FCA requirements and guidelines
Willingness to take on SMF role.
Candidates applying for this role must be aware that it is a Senior Manager Function / MRT role, subject to the Financial Conduct Authority’s (“FCA”) Senior Managers and Certification Regime (“SMCR”) and the Investment Firms Prudential Regime (“IFPR”). The Senior Managers Regime entered into force for solo regulated firms on 9th December 2019 and the Investment Firms Prudential Regime (IFPR) on 1st January 2022. The Certification Regime entered into force for solo regulated firms on 31st March 2021. Under SMCR and IFPR, StoneX Financial Ltd (“SFL”) must ensure that employees working in certain roles categorised as specified significant harm functions (Material Risk Takers and Certified Roles) are assessed as fit and proper to perform their role. Under the regulations and guidance issued by the FCA, firms must have regard to the following when assessing fitness and propriety:
honesty, integrity and reputation;
financial soundness; and
competence and capability.
In order to comply with the requirements of the SMCR, SFL must take reasonable steps to ensure that a person does not perform either a Senior Manager or Certified Role without first being assessed/certified as being fit and proper. For this reason, you will be assessed for this role against the fit and proper requirements as described above. The assessment will be carried out through extensive interviews, self-disclosures, permitted criminal record checks, regulated reference checks, credit checks and other background screening checks.

Qualifications

To land this role:

You need to have significant experience in multiple technology verticals. Experience / knowledge with networking, compute / storage, cloud technologies, endpoint computing, and of course cyber security. 10 years of overall technology experience. Prefer a diverse background including networking, compute, storage, and endpoint.

5 or more years’ experience in:
Security architecture, demonstrating solutions delivery, principles and emerging technologies - Designing and implementing security solutions. This includes continuous monitoring and making improvements to those solutions, working with an information security team.
Consulting and engineering in the development and design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.
Security considerations of cloud computing, including data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks.
Leadership and strategic guidance to the business for enterprise security initiatives, ensuring security fundamentals are adhered to and maintained while finding solutions that allow the business to move forward effectively and efficiently with its vision and roadmap.
Executive communications to non-technical partners and executives related to potential threats, as well as mitigating risks and implementing controls.
Possible Education / Certification Requirements are:
Baccalaureate degree in Information Security, Information Assurance, Information Systems, or other related fields.
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Information Systems Security Architecture Professional (ISSAP)
Information Systems Security Engineering Professional (ISSEP)
SANS-related certifications (GSE, GCIA, GCED, etc.)