Job description

Job Description

This is a senior technical role responsible to drive security architecture, innovation and strategy 
and help GTO teams to design, deploy and operate systems with appropriate security controls 
to meet business goals along with customer and regulatory requirements. This role is part of 
Group Information Security who is driving overall security strategy and practice in the bank.

Key Responsibilities:

• Drive the security strategy and architecture for the group. 
• Lead security architect team. Design the overall security architecture and standard 
• methodology of implementing security controls across the bank’s platforms.
• Develop and maintain the security reference architecture.
• Develop the security design patterns and guidelines for existing and emerging 
• technologies such as AI. Promote the use of standard controls across the organization. 
• Conduct security design review for group wide systems to identify security design gaps 
• and recommend mitigations.
• Determine and communicate security requirements for IT systems by aligning with 
• business strategies, understanding the threat landscape, evaluating technology, keeping 
• awareness of industry and regulatory development, and assessing risks.
• As security subject matter expert, provide security advisory service to IT and non-IT 
• teams.
• Participate and support the architecture development community and working groups.
• Maintain personal and management awareness of technologies trends, innovations and 
• issues.
• Connect with industry and participate in forums and conferences. 

Requirements

• Degree in Information Security, Computer Science/Engineering or related discipline. 
• Master Degree in Information Security or Computer Science is a plus. 
• At least 15 years of IT experience, in which over 6 years are in the capacity of leading 
• security architect team preferably in a large BFSI environment with proven track record 
• in building security solutions and establishing security architecture practices.
• Deep understanding of enterprise architecture and security frameworks like TOGAF, 
• NIST, CIS, etc.
• Solid know-how of security controls such as authentication and authorization, 
• cryptography, cloud security, devsecops, container security etc.
• Solid know-how of emergency technology such as AI and blockchain, and the 
• associated risks.
• Good understanding of the key IT aspects including strategic planning, application 
• development, implementation & support, IT Infrastructure and operation, vendor 
• management, IT audit, risk management and business continuity planning.
• Hands on experience of banking systems and operations.
• Familiar with Secure SDLC, dynamic and static code analysis and threat modeling.
• Familiar with the regulator requirements.
• Relevant certifications such as TOGAF, SABSA, CISSP, ISSEP and CSSLP would be 
• advantages.
• Excellent written and verbal communication skills. Ability to effectively interact with a 
• broad cross-section of personnel to explain and convince security risks and controls.
• Excellent analytical and critical thinking skills.
• Strong leadership, project and team-building skills, including the ability to lead teams 
• and drive projects and initiatives in multiple departments.
• Able to work independently with minimum supervision.
   

Additional Requirements