Security Architecture and Security Advisory

Security Architecture and Security Advisory

Defines and enhances information security architecture, provide security advisory, ensuring consistent and effective security administration procedures and processes.

Responsibilities

• Design a secure IT security architecture, including network segmentation and security solutions.
• Integrate security architecture into the organization's infrastructure.
• Serving as an internal information security consultant on the security architecture to the organization.
• Monitoring industry security updates, technologies and best practices to improve security management.
• Ensure a security architecture and design for creating secure networks, applications and infrastructure.
• Recommend security solutions that will resolve security issues on a timely basis to enhance security.
• Advise business units and the technology group (Delivery team) on how to comply with IT security policies, standards, guidelines, and best practices.
• Provide guidance on new or modified application solutions and infrastructure design (Cybersecurity area).
• Act as a key technical resource for the architecture team regarding security matters related to DevSecOps and secure development practices.
• Be a cybersecurity expert by staying updated on trends, technologies for vulnerabilities, exploits, and threats related to information security.
• Collaborate with other information security teams to assist IT teams in delivering secure infrastructure solutions with security recommendations, ensuring key security controls are working as intended.
• Review source code and Static Application Security Testing (SAST) reports to comply with security standards.

Qualifications

• Bachelor's/Master's degree in Computer Science, Computer Engineering, or a related IT field.
• Strong skills in security advisory, analysis, and problem-solving.
• Solid understanding of application security, security protocols, cryptography, authentication, authorization, multi-factor authentication, single sign-on, identity management, or related technologies.
• Knowledge of cloud security technology and the ability to set frameworks to guide the design of cloud security.
• Good working knowledge of current IT risks and experience implementing security solutions.
• Development experience (2+ years) is a plus.
• Experience in penetration testing (1+ years) is a plus.
• Experience in IT auditing or global standards (e.g., PCI-DSS, NIST, ISO) is a plus.
• Knowledge of new banking technologies and associated security controls is a plus.
• Relevant security certifications are a plus, e.g., Sec+, CEH, OSCP, CISSP, CISM, Cloud Certified.
• Rapid learning capability and the ability to work under pressure.
• Good command of English.