Security Compliance Manager
The Security Compliance Architect is accountable for the end-to-end security architecture, threat modeling, and compliance posture of the Collector Agent Layer. This role serves as a mandatory Phase-0 security gate, with formal sign-off required before any agent or collector is permitted to interact with production environments. The architect designs and governs cryptographic trust models, secure identity and authentication mechanisms, tamper-detection controls, and enterprise secret-management integrations to ensure that all agent-based data collection is secure, auditable, and compliant with enterprise and regulatory requirements.

Key Responsibilities

Threat Modeling & Phase-0 Governance
- Own the Collector Agent Layer Threat Model, which serves as a signed Phase-0 blocker for production deployment.
- Define trust boundaries, attack surfaces, and threat vectors for agent-based architectures.
- Ensure threat models are reviewed, approved, and version-controlled prior to any production access.
- Establish security acceptance criteria that must be met before agents are authorized to operate.

Secure Identity, Authentication & Trust
- Design and govern the mutual TLS (mTLS) PKI architecture, including certificate issuance, rotation, revocation, and trust chains.
- Define Kafka authentication and authorization controls using SASL/SCRAM (or an equivalent enterprise-approved mechanism).
- Ensure secure, least-privilege identity binding between agents, brokers, and downstream systems.

Data Integrity & Tamper Protection
- Architect HMAC-based tamper detection to ensure message integrity and origin authentication across the agent pipeline. (An HMAC is computed with a key shared by sender and receiver, so it proves the message came from a holder of that key; where non-repudiation toward a third party is required, an asymmetric signature must be layered on top.)
- Define validation, replay protection, and integrity verification patterns for collected telemetry and events.
- Partner with platform teams to embed integrity controls into agent runtime and transport layers.

Secrets Management & Vault Integration
- Design secure integration patterns with Bank-approved Vault services for secrets, certificates, and keys.
- Enforce strict separation between build-time, deploy-time, and runtime secrets.
- Define rotation, access controls, and audit requirements for all sensitive material used by agents.

Compliance, Risk & Audit Readiness
- Ensure collector and agent designs meet internal security standards, regulatory expectations, and audit requirements.
- Produce security artifacts (threat models, control mappings, architecture diagrams) suitable for risk, compliance, and audit reviews.
- Act as the security authority for agent-based exceptions, risk acceptances, and remediation plans.

Architecture Collaboration & Enablement
- Partner with platform, data, and infrastructure architects to embed security-by-design principles.
- Provide authoritative guidance during architecture reviews, design forums, and security assessments.
- Mentor engineering teams on secure agent design patterns and control implementation.

Core Technical Expertise
- 7+ years' experience with threat modeling for distributed systems and agent-based architectures.
- Strong knowledge of PKI, X.509 certificates, mTLS, and cryptographic trust models.
- Hands-on expertise with Kafka security, including SASL/SCRAM authentication and authorization.
- Proven experience designing HMAC-based integrity and tamper-detection mechanisms.
- Enterprise-scale experience integrating with Vault or centralized secrets-management platforms.

Security & Compliance
- Strong understanding of least-privilege access, zero-trust principles, and defense-in-depth.
- Experience producing security documentation for risk, compliance, and audit stakeholders.
- Ability to operate as a formal control owner and security signatory.

Architecture Leadership
- Demonstrated ability to operate as a Phase-0 gatekeeper with authority to block unsafe designs.
- Strong communication skills to influence senior engineers, architects, and risk partners.
- Ability to balance security rigor with platform scalability and delivery velocity.

FinOps Certified Practitioner/Professional
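The HMAC tamper-detection and replay-protection pattern the Data Integrity & Tamper Protection responsibilities call for, as an added illustration that is not part of this posting and not code from the employer's pipeline. It assumes a JSON envelope carrying a key id, timestamp, nonce and payload, keys that in practice would be fetched from Vault (here constructed in-line), and a receiver that authenticates before it trusts any field. The key ids, secrets, skew window and telemetry record are all constructed for the example.

```python
"""Added example (not from the posting): HMAC-SHA256 envelope with replay protection."""
from __future__ import annotations

import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed demo keys. In the deployment the posting describes these would be
# fetched from Vault at runtime and rotated; the key id lets a receiver pick the
# right key during a rotation window instead of trying every key.
KEYS = {
    "agent-key-v1": b"constructed-demo-key-v1-not-for-production",
    "agent-key-v2": b"constructed-demo-key-v2-not-for-production",
}


def _canonical(fields: dict) -> bytes:
    # Deterministic encoding so sender and receiver MAC exactly the same bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def seal(payload: dict, key_id: str, now: int, nonce: Optional[str] = None) -> dict:
    """Wrap a telemetry record in a signed envelope. The timestamp and nonce sit
    inside the MAC, so neither can be altered without detection."""
    envelope = {
        "kid": key_id,
        "ts": now,
        "nonce": nonce if nonce is not None else secrets.token_hex(16),
        "payload": payload,
    }
    envelope["mac"] = hmac.new(KEYS[key_id], _canonical(envelope), hashlib.sha256).hexdigest()
    return envelope


class Verifier:
    """Receiver-side check: authenticate first, then enforce freshness, then
    reject repeats. Nonces are remembered only for the freshness window, so the
    replay cache cannot grow without bound."""

    def __init__(self, keys: dict[str, bytes], max_skew: int = 300):
        self.keys = keys
        self.max_skew = max_skew
        self.seen: dict[str, int] = {}

    def verify(self, envelope: dict, now: int) -> str:
        key = self.keys.get(envelope.get("kid"))
        if key is None:
            return "unknown key id"
        mac = envelope.get("mac")
        if not isinstance(mac, str):
            return "missing mac"
        unsigned = {k: v for k, v in envelope.items() if k != "mac"}
        expected = hmac.new(key, _canonical(unsigned), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):  # constant-time comparison
            return "mac mismatch"
        # Only now are ts and nonce trustworthy: both were covered by the MAC.
        ts, nonce = envelope["ts"], envelope["nonce"]
        if not isinstance(ts, int) or abs(now - ts) > self.max_skew:
            return "stale timestamp"
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = ts
        return "ok"


def demo() -> list[str]:
    """Run the envelope through the cases an architect would want tested."""
    v = Verifier(KEYS, max_skew=300)
    now = 1_700_000_000
    record = {"host": "db-01", "metric": "cpu_pct", "value": 41.5}  # constructed
    good = seal(record, "agent-key-v1", now)
    results = [v.verify(good, now)]                      # fresh and authentic -> ok
    results.append(v.verify(good, now + 5))              # same nonce again -> replay
    tampered = json.loads(json.dumps(good))
    tampered["payload"]["value"] = 0.1                   # modified in transit
    results.append(v.verify(tampered, now))              # -> mac mismatch
    old = seal(record, "agent-key-v1", now - 3600)
    results.append(v.verify(old, now))                   # -> stale timestamp
    rogue = seal(record, "agent-key-v2", now)
    rogue["kid"] = "agent-key-v3"                        # key the receiver does not hold
    results.append(v.verify(rogue, now))                 # -> unknown key id
    return results


if __name__ == "__main__":
    print(demo())
```

The ordering in verify is deliberate: the MAC is checked before the timestamp or nonce is read, so an unauthenticated message can never influence the replay cache, and the nonce cache is pruned to the same window the timestamp check enforces, which keeps memory bounded on a long-running broker-side consumer.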