Job description

Principal Enterprise IAM Security Architect

 Big Bank Funding. FinTech Thinking.

Our technology teams in the UK work closely with HSBC’s global businesses to help design and build digital services that allow our millions of customers around the world, to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world’s leading international bank.

Our multi-disciplined teams include: DevOps engineers, IT architects, front and back end developers, infrastructure specialists, cyber experts, as well as project and programme managers.

HSBC is developing and deploying some of the industry’s most advanced and innovative technology to make banking easier and more secure.  This focus puts Cybersecurity front and center in protecting our customers, with HSBC’s geographical scale and customer requirements proving a unique challenge.  For instance we scan >100BN+ events in seconds to continously protect our estate

Purpose of the role

The Principal Enterprise IAM Security Architecture role is a key part of the Cybersecurity Architecture leadership team, helping to shape the future of Cybersecurity Architecture both within HSBC and across the industry. 

Enterprise IAM (EIAM) and Customer IAM (CIAM) are key foundational areas of the Security Architecture portfolio that are critical to the transformation of HSBC. The Principal Enterprise Architect for IAM will lead the bank on all the customer and enterprise IAM related workstreams, including Authentication (MFA, Passwordless), Authorization, privileged access PAM, identity and access governance, identity federation, secrets management, role based access etc.  HSBC has been running a multi year IAM transformation program and this role will lead the architecture for that program of work.

The key tenants of the job holder will be to have responsibility for two key aspects:

1. Enterprise Architecture: Define, maintain and own the IAM architecture strategy and roadmap, incorporating ZeroTrust as appropriate, ensuring alignment to other HSBC technology strategies and providing Design Authority sponsorship for major IAM initiatives across the Group.  Provide assurance of the Solutions Designs produced and support the Engineering teams in production of Execution plans in executing the Strategies.
2. Solutions Architecture: Support key Cybersecurity initiatives in providing Center of Excellence (CoE) Solutions Architecture expertise in the production of Solution Designs.

This role will be responsible for:

• Delivering strategic thought-leadership to the HSBC Cybersecurity Architecture Practice as well as across the Architecture and Cybersecurity functions through the production of architecture strategies for IAM and associated architecture artefacts (e.g. principles, standards, patterns and roadmaps) aligned to organisational needs and priorities.
• Have a deep understanding of the various platforms that support IAM security in the bank.
• Introduce new practices, processes, operating model, techniques, products, services, technologies and standards where needed against identified use cases, via the appropriate governance bodies and in collobration with the IAM Security Engineering function.
• Being influential across both HSBC’s business and technology executives to drive the realisation of our Technology strategy, whilst engaging with them to understand their business requirements, threats and risks in protecting business traffic and endpoints.
• Representing the HSBC Cybersecurity Architecture practice at executive forums to drive the adoption of the strategies and associated blueprints whilst minimising security risks / exposure within HSBC.
• Helping to define and implement metrics to monitor compliance with the defined Architecture controls with an ability to measure and manage technical debt / architectural risks and issues.
• Working alongside the CISO and the Cybersecurity executive team to drive strategic and investment planning ensuring alignment to our overall organisational strategy and priorities

Requirements

Essential Experience

Business

Have a high level business understanding of, and the implications of IAM for HSBC’s three global businesses and supporting functions.  Able to translate business needs into appropriate IT (and Cybersecurity) solutions.

Technical

Have a Cybersecurity and system engineering background; and the ability to compare and contrast different solutions to meet a business requirement.  Provide technical thought leadership in evaluation of new technologies to meet business requirements and influence key stakeholders leading to adoption.  Strong analytical and troubleshooting skills – desire to solve complex problems at scale.  Provide expert knowledge & expertise in design of the following key capabilities:

• Identity and Credential Management
• Federation
• Authentication
• AuthZ / Access Control
• Accounting
• User, Behaviour and Biometrics Analytics
• Fraud Detection & Prevention
• Access Governance
• Secrets Management
• Privileged Access Management

Additional Key skills

• Broad knowledge of security across other domains including Data, App Sec, Cyber Threat Management, Infrastructure and Network security.
• Experience with any of the industry Cloud technologies (Amazon Web Service, Azure, Google Cloud) as well as virtualization technologies (VMWare, MVS, Xen, Virtual Box, etc.).
• Experience with ForgeRock,  Active Directory/ Azure AD, Sailpoint, Centrify, RSA, Transmit Security, HashiCorp, Venafi etc.
• In-depth knowledge of key IT domains particularly computing platforms (Windows, UNIX and Linux) and networking technologies including SDN, routing (including VRFs), and enterprise network designs.
• Knowledge of API Security, client side applications, micro services architecture and event driven architecture.
• Industry qualifications such as CISSP, CISM, ISSAP, CCSP etc.

The role will be based in London at our Head Office in Canary Wharf but some travel may be required.