Design and implement secure architectures and solutions across networks, applications, cloud environments, and data systems.
Ensure security principles (e.g. confidentiality, integrity, availability) and compliance with Bank standards are embedded into all IT projects and systems.
Develop security blueprints, reference architectures, and design patterns aligned with industry standards.
Create and publish a standards catalogue for security technologies, methods, and implementation requirements.
Develop and implement processes to ensure IT teams engage with security for consultancy and review in the early stages and throughout the life of the project.
Act as the subject matter expert for security architecture and provide technical guidance to project teams, developers, and engineers.
Review and approve security designs, ensuring alignment with policies, regulatory requirements, and best practices.
Lead security-related discussions and present solutions to both technical and non-technical stakeholders.
Develop strategies and solutions to mitigate identified risks and ensure compliance with security standards.
Research and evaluate security tools, technologies, and frameworks to enhance the organization's security posture.
Requirements
A Bachelor's degree or above in Information Security, Computer Science, or a related field is preferred.
At least 15 years of hands-on cybersecurity experience, with prior experience in a Security Solution Architect role.
Proven experience designing secure solutions for enterprise environments, including on-premises, cloud, and hybrid architectures.
Familiarity with secure development practices (DevSecOps) and CI/CD pipeline security.
Strong understanding of various cyber security technologies addressing the protection of identities, data, applications, endpoints and infrastructure.
Demonstrated experience in applying security and risk frameworks such as NIST, MITRE ATT&CK, MITRE D3FEND, ISO27K.
Demonstrated experience in applying technical solutions to meet regulatory requirements stipulated by regional authorities (examples: MAS, HKMA, BOJ, RBI, BNM, CFR-RBA, CBIRC, etc.).
Proactive with multitasking capabilities, comfortable working in both hands-on and leadership roles.
Demonstrated track record of efficient, scaled delivery with small teams, directly taking on and providing deliverables with limited resources.
Ability to articulate cyber risks to senior leadership within the context of corporate strategy and threat environment
Strong technical aptitude, including demonstrated ability to understand broad IT topics outside of cyber security
Demonstrated decision-making, problem-solving and leadership skills
Professional certificates are an advantage, both technology-agnostic (CISSP / CISM / SANS) and technology-specific.