Associate Director IT Security Engineering (PKI /PQC)

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.

 Pay and Benefits:
 

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

Key Responsibilities

• Lead the design, build, and operationalization of the enterprise PQC CBOM (Crypto Bill of Materials) covering: 
  • Certificates, keys, algorithms, protocols, HSM usage, and cryptographic dependencies
  • On‑prem, cloud, hybrid, and third‑party platforms
• Establish CBOM as an authoritative inventory for cryptographic assets and ownership
• Drive PQC readiness assessments, risk classification, and remediation prioritization
• Define crypto‑agility strategies aligned with NIST PQC standards and transition timelines
• Partner with vendors and internal platform teams to assess and track PQC migration readiness
• Experience in enterprise PKI architecture and strategy (internal CAs, public CAs, hybrid models)
• Solid Experience in certificate lifecycle management (discovery, issuance, renewal, revocation, automation)
• Govern and modernize TLS / mTLS, Code‑signing certificates, S/MIME, device and workload certificates
• Drive automation for certificate operations and eliminate manual, high‑risk processes
• Provide technical leadership across: 
  • Asymmetric and symmetric cryptography
  • Key management systems (KMS)
  • Hardware Security Modules (HSMs)
  • Tokenization and secrets management
• Ensure cryptographic controls meet regulatory, audit, and resiliency requirements
• Partner with IAM automation teams to embed crypto controls into IaC and CI/CD pipelines
• Work closely with network and infrastructure teams on: 
  • TLS inspection, ingress/egress security
  • Secure protocols (TLS, SSH, IPSec, VPN)
  • Ensure cryptographic consistency across Cloud platforms, SaaS and third‑party integrations
• Establish cryptographic governance models, policies, and standards
• Provide executive‑level reporting on: 
  • PQC readiness
  • Cryptographic risk exposure
  • CBOM coverage and maturity
• Lead and mentor senior engineers and architects across crypto and IAM domains
• Act as the enterprise SME and thought leader for PQC, PKI, and cryptographic risk

Talent Needed for Success

• 12+ years in cybersecurity, cryptography, PKI or IAM
• Proven experience leading large‑scale PKI or cryptographic transformation programs
• Hands‑on experience building or operating crypto inventories, discovery, or governance platforms
• Strong expertise in: 
  • PKI architectures and CA operations
  • Certificate lifecycle management platforms
  • Cryptographic algorithms (RSA, ECC, hybrid, PQC concepts)
  • Key management, HSMs, tokenization
  • Solid understanding of NIST PQC standards, quantum threat models, TLS, SSH, IPSec, mTLS, and secure network protocols
  • Experience integrating cryptography with Cloud platforms, CI/CD pipelines and Infrastructure‑as‑Code (IaC)
• Ability to lead cross‑functional teams across security, network, cloud, and application domains
• Strong stakeholder management and executive communication skills
• Experience driving security programs in regulated or highly controlled environments
• Familiarity with CBOM / SBOM / HBOM concepts and standards.
• Experience with enterprise certificate management tools
• Experience with Power BI / analytics for security reporting
• Experience with datawarehouse tools will be an advantage.

  Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.