- Company Name: LSEG (London Stock Exchange Group)
- Job Title: Cyber Security - Secure Design Lead
- Job Description:

**Job title:** Cyber Security – Secure Design Lead
**Role Summary:** Senior manager who leads a Security Architecture – Design team, chairs the Design Forum, and develops security architecture patterns, controls, and frameworks to embed security into technology acquisition and development across the organization.
**Expectations:** Deliver end‑to‑end secure design for new and existing systems, build and maintain the Secure Design team, drive adoption of security controls, and showcase measurable risk reduction and compliance to regulators and auditors.
**Key Responsibilities:**
- Lead and manage a team of Security Architects, ensuring resource allocation and professional development.
- Chair the Security Architecture Design Forum and represent the team in cross‑functional governance bodies.
- Design, document, and publish security architecture patterns and standards compliant with group, regulatory, and industry requirements.
- Own the security control framework, assess new technology for security posture, and integrate controls into acquisition processes.
- Evaluate architectural risks in existing systems, propose tactical/strategic remediation plans, and assess cost‑benefit trade‑offs.
- Consult and champion secure design practices with business and technical delivery teams.
- Engage with BISO, solution architects, and cloud, application security, and engineering teams on security plans.
- Manage third‑party security deliverables, track budgets, and report on financials.
- Establish and report on metrics to measure the effectiveness and efficiency of the Secure Design function.
**Required Skills:**
- 10+ years in technical engineering or information security, with senior experience in security architecture.
- Proficiency in enterprise architecture frameworks, threat modelling, and secure design patterns.
- Experience designing and applying security controls in distributed systems (on‑prem and cloud).
- In‑depth understanding of security principles, authentication, access control, encryption, network security, application security, and emerging vulnerabilities.
- Familiarity with OWASP Top 10, SANS Top 25, NIST, CIS Controls, etc.
- Strong analytical, problem‑solving, and critical‑thinking abilities.
- Ability to work under pressure, self‑start, and influence stakeholders across business and technical domains.
**Required Education & Certifications:**
- Bachelor’s degree in Computer Science, Information Security, or related field (Master’s preferred).
- Professional security certifications such as CISSP, CISM, CCSP, or equivalent are highly desirable.