Macquarie Group is set to embed a 'secure by design' ethos into its global development efforts, transforming part of its approach to cyber security in the process.
The Australian-headquartered financial services group is in the process of standing up a new 'secure by design' global function that will be staffed by a team of security architects and consultants.
Secure by design is an approach to software engineering that is about creating code that is foundationally secure. It is a recommended approach by governments and security advocates alike.
Macquarie Group said in a recruitment advertisement that it wanted to "further embed a shift left methodology" for security, both within the new 'secure by design' global function, and more broadly across the group's operations.
iTnews understands the newly-created head of secure by design' role is part of a DevSecOps drive that will see the institution combine its existing security assurance and security architecture services into an end-to-end service for internal stakeholders, such as development teams.
Macquarie is known to have embraced DevOps and been embedding a 'shift left' mindset with regards to software testing since at least mid-2019.
It appears this approach is being further expanded by building in security guidelines and checks as well.
Executives indicated that the establishment of a global 'secure by design' function amounted to a "transformation of Macquarie’s cyber security architecture, design and consulting capabilities".
The head of 'secure by design' will report to the global Macquarie Group's cyber security leadership team, which sits in the company's corporate operations group.
Macquarie Group said the head of 'secure by design' is also responsible for providing a “strong focus on enabling secure delivery of digital innovations under a cloud-first strategy.”
Macquarie's banking and financial services (BFS) division is known to be going all-in on cloud; however, it appears cloud-first now has broader billing within the Group's infrastructure strategy.
The institution's own equities research unit recommended clients adopt a cloud-first approach to their operations in a note earlier this year.