IT Security Architect

We are looking for an

IT Security Architect (m/f/d)

(unlimited, full-time) Join our team at our location in Tallinn – flexible working conditions available

We are seeking an experienced IT Security Architect with expertise in cloud and network security, Identity and Access Management (IAM), Privileged Access Management (PAM), and an understanding of the financial services' regulatory environment. This strategic role involves designing secure, scalable architectures and guiding the implementation of security controls across a complex, international IT landscape.

Key Responsibilities

Enterprise Security Architecture
Lead the design and evolution of enterprise security architecture in close collaboration with business, IT, and external partners.
Ensure alignment of security architecture with strategic business objectives, infrastructure modernization, and cloud transformation initiatives.Security Governance & Risk Management
Provide expert-level guidance on implementation of security controls to infrastructure, operations, and other stakeholders to ensure compliance with industry standards and regulations (ISO/IEC 27001, PCI DSS, GDPR, DORA, SWIFT CSP).Drive security reviews and continuous improvement programs across business units and geographies.Security Architecture Consulting (with Financial Sector Focus)
Deliver security consulting at both application and infrastructure levels, with emphasis on:Financial platforms and payments infrastructure (e.g., core banking, real-time payments).IAM/PAM architecture, including RBAC, ABAC, JIT access, MFA, SSO, and federated identity (SAML, OAuth2, OIDC).API and third-party FinTech integration, applying secure patterns (e.g., token-based authentication, mTLS).Secure deployment of SaaS tools like Microsoft 365, with controls for DLP, conditional access, and email security.Cloud Security & DevSecOps
Design secure architectures for hybrid and cloud-native environments (Azure, AWS, GCP).Integrate Zero Trust, least privilege, and infrastructure-as-code principles into cloud and DevOps environments.Embed security into the SDLC using automated scanning (SAST, DAST, IAST) and container security practices.Policy, Standards & Control Implementation
Define, implement, and maintain enterprise-wide security policies, controls, and technical standards.Ensure alignment between security governance, vulnerability management, and enterprise architecture.Research & Innovation
Continuously monitor emerging cyber threats, compliance trends, and security innovations to improve security posture and advise strategic direction.

Qualifications & Experience

Education:
Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent practical experience).Experience:
8+ years in IT security architecture or engineering, within financial services, banking, or payments is a benefit.Proven expertise in IAM, PAM, cloud and network security, and integration of third-party services.Strong background or familiarity with secure software development and DevSecOps practices.Certifications (Preferred):
CISSP, CISM, TOGAF, ISO/IEC 27001 Lead Implementer/Auditor, ITIL, SABSA, CEH, or equivalent.

Skills & Competencies

Deep knowledge of enterprise and cloud security architecture and controls.Solid understanding of regulatory frameworks: ISO/IEC 27001, NIST CSF, PCI DSS, DORA, GDPR, SWIFT CSP.Strong analytical skills and a pragmatic, risk-based approach to security decisions.Excellent communication and stakeholder management in matrixed, international organizations.Proactive, self-motivated, and committed to continuous learning.Fluent in English; German proficiency is highly beneficial.

---