WHAT DOES A CYBERSECURITY ARCHITECT DO?

Published: October 2, 2024 - The Cybersecurity Architect develops and refines information security policies and standards to protect sensitive data within a financial institution. By advising application and infrastructure projects, this role ensures early integration of security measures, aligning with strategic goals. The architect leads initiatives, defines best practices, and mitigates risks in project designs and technology implementations to enhance the organization’s security posture.

A Review of Professional Skills and Functions for Cybersecurity Architect

1. Cyber Security Architect Duties

  • Collaboration: Actively collaborate with business stakeholders, enterprise and domain architects, engineers, construction teams, product vendors, and partners.
  • Security Controls: Define and operationalize appropriate security controls within solution architectures that protect client and customer information, systems, and network assets.
  • Assessment: Drive assessments and evaluations of emerging security capabilities to ensure architectural standards and capability roadmaps remain current and are aligned with business objectives.
  • Documentation: Define and document reusable assets such as standardized security requirements and corresponding solution patterns that can be readily applied to avoid rework.
  • Governance: Input into the creation and governance of security strategy, standards, and frameworks to ensure a coherent and optimized overall security architecture that aligns with the client's security policies and standards.
  • Architecture Definition: Define the security aspects of solution architectures and document corresponding business and security impacts.
  • Contributions: Contribute to requirements, solution impact assessments, high-level designs, solutions briefs, solution architecture definitions, and security risk assessments.
  • Communication: Identify and effectively communicate security risks to business stakeholders promptly.
  • Insight Harmonization: Harvest and harmonize insights from all relevant areas, including privacy, legal, engineering, and operational stakeholders.
  • Security Implementation: Take a pragmatic approach to security implementation, achieving a practical balance between business objectives, standards alignment, and corresponding risk considerations.
  • Vendor Relationships: Foster strategic relationships across industry and technology vendors to anticipate and plan for emerging opportunities and threats.
  • Consultation: Utilize this expertise to support innovation and provide security consultation to business units, partners, and customers.
  • Documentation Review: Complete review and approval of SDD and SEC DD following best practices.
  • Cybersecurity Review: Conduct cybersecurity reviews to align with cybersecurity policies and strategies, enabling products to be deployed to production.
  • BAU Reviews: Conduct BAU cybersecurity reviews on a regular basis for audit compliance, review outputs, assess vulnerabilities, and address them to ensure compliance as well as decrease the risk of malicious cyber-attacks.

2. Cyber Security Architect Details

  • Security Compliance: Support Business/IM/Clients to assess, analyze, and comply with security requirements regarding Law, Group, Division, National, and Specific security requirements.
  • International Collaboration: Support international projects with other TZIY participants in other countries.
  • Process Improvement: Improve the security process to support business requirements.
  • Solution Development: Create solutions that balance business requirements with information and cybersecurity.
  • Accreditation Support: Support the accreditation process in Airbus DS France.
  • Regulatory Compliance: Ensure compliance with requirements and regulations.
  • Information Security Guidance: Provide guidance and advice in all aspects of Information Security for implementing information systems and business processes, and create risk assessments to assess and control security issues, including identifying mitigation actions.
  • Risk Assessment: Assess the level of risk associated with projects and systems.
  • Risk Decision-Making: Develop a decision-making process for the residual risks for relevant stakeholders.
  • Requirements Consultation: Consult with customers to gather and evaluate functional requirements, translating these requirements into technical Information Security controls to be included in the information systems lifecycle.
  • Legal and Regulatory Advice: Provide legally and regulatorily sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain.
  • Documentation Oversight: Oversee, evaluate, and support the documentation, validation, and accreditation processes.
  • Baseline Application: Oversee and guide the proper application of Information Security baselines and associated activities of an information system in the network environment.
  • Compliance Validation: Validate technical Information Security compliance with applicable regulatory standards.
  • Continuous Improvement: Adopt and promote a culture of continuous improvement to minimize inefficiencies.

3. Cyber Security Architect Responsibilities

  • Compliance Assurance: Ensure that all bank technology initiatives and projects comply with applicable information security policies and regulations.
  • Policy Input: Provide input to Information Security policies and standards.
  • Project Advisory: Advise application and infrastructure project teams on information security planning, policy, and architecture, providing high-level security requirements to projects.
  • Best Practices Definition: Define security best practices, measures, and mechanisms at all levels of the bank stack.
  • Documentation Promotion: Thoroughly document security practices and promote best practices across the organization.
  • System Comparison: Compare different system solutions to decide on what best fits the environment.
  • Risk Identification: Identify potential risks of projects, document and address those risks, and work with other teams to resolve issues.
  • Compliance Assessment: Use established requirements frameworks for the compliance assessment of an activity, process, product, or service against applicable policy, standards, guidelines, and national requirements.
  • Project Leadership: Lead projects and ensure the quality of the deliverables.
  • Best Practices Definition: Define the best practices for Information Security and participate in international workgroups.
  • Framework Evaluation: Assess deviations from acceptable configurations and from enterprise or local policy.
  • IAM Community Development: Extend the reach of new or existing IAM communities inside and outside SAP.
  • Technology Evaluation: Evaluate and recommend security technologies for use throughout the organization.
  • Risk Management: Prepare preventive and reactive measures.

4. Cyber Security Architect Job Summary

  • Threat Management: Lead the management and proactive monitoring of client or company security threats and issues, including current issue resolution, threat analysis, prevention, and security research.
  • Issue Resolution: Lead and primarily resolve client and company security issues, sourcing strategic technical guidance from applicable security SMEs, and interfacing with stakeholders.
  • Data Analysis: Combine deep industry expertise with an understanding of information and security technology to code queries examining security data and develop workarounds.
  • Vendor Collaboration: Help vendors create innovative security system patches.
  • Security Solutions Development: Lead the development, enhancement, organization, and maintenance of a client's or company's security solutions.
  • Knowledge Base Contribution: Contribute to the company's security response, threat, and resolution knowledge base by aggregating analyses from security professionals.
  • Security Practices Implementation: Provide good security practices and services to various IT infrastructure teams.
  • Security Guidance: Work closely with ICT project teams and take responsibility for providing security guidance for solution delivery.
  • Cyber Controls Improvement: Work with internal Cyber Operations, Compliance, and Support teams to continuously improve cyber controls.
  • Security Design Approval: Along with the Lead Cyber Security Architect, be accountable for signing off on security design documents for project deliverables.
  • Stakeholder Engagement: Engage with external and internal stakeholders to drive security solutions.
  • Research Standards: Research the latest security standards, new security systems, and updated authentication protocols.
  • Technical Guidance: Provide cybersecurity technical guidance and leadership for internal cross-functional teams.
  • Code Support: Support teams developing code (e.g., Python, PowerShell, Django, JavaScript, HTML, CSS) to interact with REST APIs and automate security tasks, aiming to reduce human errors and inconsistencies.
  • Equipment Installation: Direct the installation and calibration of equipment and software.

5. Cyber Security Architect Accountabilities

  • Security Architecture Development: Identify and develop the security architectural standards, design patterns, reference architectures, subdomain strategies, and roadmaps to define security principles and constructs.
  • Secure Coding Principles: Define secure coding and design principles for Rivian’s developed applications as well as third-party applications.
  • Secure SDLC Practices: Design and guide the implementation of secure SDLC practices, including code reviews (Java, .NET, and mobile), static/dynamic code analysis, secure repositories, and vulnerability assessments.
  • Cloud Security Controls: Design security controls for cloud environments such as AWS and Azure (including serverless and containerized service architecture).
  • Cyber Security Roadmap: Design and guide the implementation of Rivian’s cyber security roadmap, encompassing operational technologies, S-SDLC, advanced threat prevention, SIEM, endpoint protection, big data platforms, threat hunting, network access, privileged access management, intrusion detection, network monitoring, system hardening, network segmentation, vulnerability management, email protections, third-party access, detection controls, IAM, etc.
  • Privacy Architecture: Experience with setting up a privacy architecture and e-commerce environments.
  • Continuous Assessment: Continuously assess and improve the organization’s cyber security controls.
  • Project Security Advising: Advise project teams on security requirements for new projects.
  • Incident Response Leadership: Help lead the organization’s computer security incident response.
  • Cybersecurity Thought Leadership: Provide thought leadership to the organization on all things cybersecurity.
  • Policy and Standards Guidance: Guide the organization in establishing policies, standards, and procedures that foster built-in security.
  • Team Mentorship: Mentor other members of the information security team.
  • Cyber Risk Alignment: Maintain expertise on the organization’s cyber risk posture, business strategy, drivers, systems, processes, and people to ensure the cyber security roadmap and controls are aligned and optimized.
  • Security Prototype Implementation: Research, evaluate, and implement new security prototypes to meet an ever-evolving cyber risk posture.