First VP, Security Architect, Group Information Security

Job Responsibilities

Security Architects are trusted partners and key enablers in GTO. Security Architects work with GTO teams that design, implement and operate the bank’s IT systems and applications to build in effective and consistent security controls to meet business needs, comply with regulatory requirements and protect the organization against cyberattacks.

Job Role & Responsibilities

• Drive the security design in the Group. Develop security reference architecture and design patterns that can be adopted as part of the enterprise standard and building blocks. Promote the use of standard security controls and design patterns across the organization.
• Conduct security architecture reviews across Group wide projects to ensure that effective security controls are built in and aligned to reference design.
• Identify design gaps in existing or new systems and drive the review, evaluation, and recommendations of security controls to address the risks.
• As a trusted subject matter expert, provide security advisories to stakeholders at all levels in IT and Non-IT teams. Communicate security requirements for IT systems across various security domains such as Data, Network, Workload, Cloud and Application security.
• Support the Group’s information and cyber security strategy. Represent Group IS Department, support the architecture development community and participate in related technology working groups.
• Drive the innovation on cyber security systems architecture and design. Stay current with technology trends. Connect and collaborate with regulatory and professional bodies, industry and domain experts.

Job Requirements

• Degree in Information Security, Computer Science/Engineering or related discipline.At least 10 - 15 years of relevant security experience across security domains such as Application,Cloud, Data, Application, Workload, Network, Identity & Access Management (IAM), Vulnerability Management and Security Monitoring in large and complex environment such as MNCs and Financial Institutions.
• Deep knowledge and hands-on experience in one or more of the following domains.Application Security. Banking system security, web application security, API security, authentication/authorization protocols, etc.
  Infrastructure Security. Networking, Operating systems, Databases, Zero trust, Security monitoring solutions and Cryptography, etc.
  Cloud Security/DevSecOps. Cloud native environment such as public cloud, containers, serverless. DevSecOps practices and tools for integrating security into CI/CD pipelines, etc.
  
• Good understanding on key aspects of IT lifecycle including strategic planning, application development, implementation & support, IT infrastructure and operations, vendor management, IT audit, risk management and business continuity planning.
• Relevant security certifications such as CISSP, TOGAF, SABSA, CCSK, CCIE Security or certifications from AWS/Azure/SANS/CREST, etc.
• Candidates currently in related architecture roles but is intending to switch to security domains will also be considered.
• Excellent written and verbal communication skills and ability to explain complex topics to both technical and non-technical audiences at all levels.
• Meticulous and inquisitive with strong analytical and problem-solving skills.
• Able to work independently or in a team with minimal supervision.