Location/Environment: Tampa, FL, or Dallas, TX (Hybrid)
Industry: Financial Services
A leading financial services firm seeks an experienced Secrets Security Architect to design, implement, and govern its secrets and certificate management framework, ensuring the security of sensitive data in a high-stakes financial environment. In this role, the architect will be responsible for developing secure, scalable solutions to protect critical assets, such as credentials, API keys, and certificates, while aligning with regulatory requirements and industry best practices as part of the firm's overarching information security architecture.
Key Responsibilities:
- Lead the design of secrets management and PKI solutions within the enterprise architecture, leveraging tools like HashiCorp Vault and Azure Key Vault.
- Develop and enforce SSL/TLS standards, Certificate Policy (CP), and Certificate Practice Statements (CPS) to ensure encrypted and secure communications across financial data environments.
- Oversee the implementation and management of HSMs and Certificate Authorities, supporting safe and regulatory-compliant cryptographic operations for critical applications.
- Partner with DevOps and cloud teams to integrate secrets management within CI/CD pipelines, automate secret rotations, and enforce security best practices in a high-throughput financial services setting.
- Enhance security across networks and operating systems, applying secure communication protocols and controls essential for safeguarding secrets management.
- Conduct risk assessments and monitor secrets access, addressing vulnerabilities, anomalies, and incidents to protect sensitive data.
- Develop training programs and document best practices for technical teams, ensuring compliant and consistent implementation of secrets and certificate management practices across the organization.
Qualifications:
- Experience: Minimum of 8 years in cybersecurity, including at least 4 years in information security architecture, secrets management, or PKI within the financial services sector.
- Technical Skills:
  - Expertise in secrets management and PKI solutions (e.g., HashiCorp Vault, Azure Key Vault) applied to financial applications.
  - Strong knowledge of SSL/TLS, PKI, certificate management, and policy (CP and CPS) development in alignment with financial security standards.
  - Proficiency with Hardware Security Modules (HSMs), Certificate Authorities, and secure key management practices.
  - Familiarity with cloud platforms (AWS, Azure, GCP), DevOps tools (Jenkins, GitLab CI/CD), and automation scripting in Python.
  - Solid understanding of network security, OS security, and secure communication protocols for regulated environments.
- Certifications: Preferred certifications include CISSP, CISM, CCSP, or cloud security-specific credentials.
- Education: Bachelor's degree in Computer Science, Cybersecurity, or a related field is required; a Master's degree is preferred.