Job Description

This is a senior technical role responsible to drivesecurity architecture, innovation and strategy

and help GTO teams to design, deploy and operatesystems with appropriate security controls

to meet business goals along with customer andregulatory requirements. This role is part of

Group Information Security who is driving overallsecurity strategy and practice in the bank.

Key Responsibilities:

Drive the security strategy and architecture for thegroup.

Lead security architect team. Design the overallsecurity architecture and standard

methodology of implementing security controls acrossthe bank’s platforms.

Develop and maintain the security referencearchitecture.

Develop the security design patterns and guidelinesfor existing and emerging

technologies such as AI. Promote the use of standardcontrols across the organization.

Conduct security design review for group wide systemsto identify security design gaps

and recommend mitigations.

Determine and communicate security requirements for ITsystems by aligning with

business strategies, understanding the threatlandscape, evaluating technology, keeping

awareness of industry and regulatory development, andassessing risks.

As security subject matter expert, provide securityadvisory service to IT and non-IT

teams.

Participate and support the architecture developmentcommunity and working groups.

Maintain personal and management awareness oftechnologies trends, innovations and

issues.

Connect with industry and participate in forums andconferences.

Requirements

Degree in Information Security, ComputerScience/Engineering or related discipline.

Master Degree in Information Security or ComputerScience is a plus.

At least 15 years of IT experience, in which over 6years are in the capacity of leading

security architect team preferably in a large BFSIenvironment with proven track record

in building security solutions and establishingsecurity architecture practices.

Deep understanding of enterprise architecture andsecurity frameworks like TOGAF,

NIST, CIS, etc.

Solid know-how of security controls such asauthentication and authorization,

cryptography, cloud security, devsecops, containersecurity etc.

Solid know-how of emergency technology such as AI andblockchain, and the

associated risks.

Good understanding of the key IT aspects includingstrategic planning, application

development, implementation & support, ITInfrastructure and operation, vendor

management, IT audit, risk management and businesscontinuity planning.

Hands on experience of banking systems and operations.

Familiar with Secure SDLC, dynamic and static codeanalysis and threat modeling.

Familiar with the regulator requirements.

Relevant certifications such as TOGAF, SABSA, CISSP,ISSEP and CSSLP would be

advantages.

Excellent written and verbal communication skills.Ability to effectively interact with a

broad cross-section of personnel to explain andconvince security risks and controls.

Excellent analytical and critical thinking skills.

Strong leadership, project and team-building skills,including the ability to lead teams

and drive projects and initiatives in multipledepartments.

Able to work independently with minimum supervision.