Overview
The Security Architect is a senior manager aligned to a division or function. Security Architect is responsible to enforce Information Security compliance within their area of responsibility in line with the CISO mandate and strategy as well as the bank’s risk appetite. Furthermore, Security Architect are the experts and points of escalation for all IT security related aspects of the IT assets in their area of responsibility. They provide guidance on how to implement technical control aspects and achieve compliance to the related Information Security controls and ensure appropriate handling of any relevant exceptions. In close cooperation with the respective Chief BISOs they support the business divisions as well as the COO IT counterparts to comply with Security Controls.
Role Responsibilities
- Design, build and implement enterprise-class security systems for a production environment
- Align standards, frameworks and security with overall business and technology strategy
- Identify and communicate current and emerging security threats
- Design security architecture elements to mitigate threats as they emerge
- Create solutions that balance business requirements with information and cyber security requirements
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
- Use current programming language and technologies to writes code, complete programming and performs testing and debugging of applications
- Train users in implementation or conversion of systems
- Derive the IT Security strategy from the overall Chief Information Security Office (CISO) strategy and requirements and translates this into an operational plan for delivery for their area of responsibility
- Act as point of escalation for IT Security issues and exceptions.
- In relation to the IT Assets, processes within their scope of responsibility they:
- Drive integration of Chief Information Security Office Initiatives, programs and central solutions and ensure alignment with the divisional portfolios.
- Ensure effective and efficient communication, coordination and implementation of CISO IT Security requirements and decisions
- Are responsible for the adoption of centrally mandated Security Solutions and the maintenance of technical security documentation and compliance to security controls.
- Are the recognized expert in DB Information Security Policies and procedures and their implementation in relation to technologies.
- Proactively manages IT audits and plan (in co-operation with COO IT management) preparation and remediation.
- Ensure appropriate senior management awareness/oversight of follow-up on action items to resolve identified issues, e.g. information security reviews of vendors, audit issue resolution.
- Spearhead independent reviews of IT Security Controls, prioritise identified issues and assesses remediation actions for quality, considering the optimal cost-risk ratio as well the strategically optimal resolution (e.g. Information Security control evaluation and respective follow up activities).
- Verify remediation concepts for critical and systemic issues and monitors their execution according to plan and with quality.
- Partner with key stakeholders (Chief BISOs and IT management etc.) to act as mediator and subject matter expert for them on Information Technology Security topics. Ensure a common understanding of Information Technology Security risks and their implications for the Group and for their scope of responsibility.
Experience and Exposure
Experience of 10-15 years in:
- Security architecture, demonstrating solutions delivery, principles and emerging technologies - Designing and implementing security solutions. This includes continuous monitoring and making improvements to those solutions, working with an information security team.
- Consulting and engineering in the development and design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.
- Security considerations of cloud computing: They include data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks.
- Identity and access management (IAM) – the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources.
- Experience with and knowledge of:
- VB.NET, Java/J2EE, ColdFusion, API/web services, scripting languages and a relational database management system (RDBMS) such as MS SQL Server or Oracle. These are some of the technical elements needed to build security into an organization.
- ISO27001 – specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organization’s risk management
- Control Objectives for Information and Related Technologies (COBIT)
- Windows and UNIX environment.
- General skills include:
- Exceptional communication skills with diverse audiences - Strong critical thinking and analytical skills
- Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments
- Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
- The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background
Education/Certification
- Degree in Information Security or a comparable education
- In addition, the following education/certification attainment will be beneficial:
- CISSP (Certified Information Systems Security Professional) or equivalent.
- ISSMP (Information Systems Security Management Professional).
- CISM (Certified Information Security Manager) or equivalent.
Our values define the working environment we strive to create – diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer.
We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.
