Job Description
The Senior Security Architect, reporting to the Cluster Head of Application Security Architecture, is responsible for leading the governance of application architecture security. This role includes conducting threat modeling, security gap assessments, and overseeing IT security reviews to ensure applications adhere to established security standards. The Senior Security Architect works closely with development teams to integrate security into the software development lifecycle and supports the approval process for go-lives, ensuring that security requirements are fully met.
Key Responsibilities:
- Lead the design of cybersecurity strategies for systems and networks with multilevel security requirements.
- Ensure acquired or developed systems and architectures align with the organization’s cybersecurity architecture guidelines.
- Conduct security reviews, identify gaps in security architecture, and develop security risk management plans.
- Provide input on security requirements to be included in procurement documents such as statements of work.
- Contribute to the Risk Management Framework (RMF) activities and related documentation.
- Define and document the security impact of new systems or interfaces on the current environment’s security posture.
- Evaluate security architectures and designs to ensure their adequacy.
- Analyze user needs and requirements to plan security architectures effectively.
- Determine and document the security controls required for information systems and networks.
- Manage improvements to the application security framework.
- Implement tools and strategies to ensure the successful execution of the Application Security Program.
- Collaborate effectively with business lines and clients to address complex information security issues.
- Review documentation created by team members and peers, providing constructive feedback.
- Prepare and review activity reports as requested by management.
- Develop services to address various risks and threats to the organization.
- Review state-of-the-art technology solutions and innovative information security management techniques to safeguard organizational assets.
- Ensure that both RTB (Run The Bank) and CTB (Change The Bank) activities are meticulously planned: for RTB, operational continuity, resource allocation, and compliance; for CTB, detailed project management, risk assessment, and change control.
Operating Environment and Framework:
- Collaborate with different teams in Technology Operations, Business Technology, Audit, International Banking, and the Information Security Team.
- Work with cloud and digital ecosystems, including microservices, open API frameworks, and blockchain-related technologies.
- Familiarity with enterprise infrastructure, business technology, and related applications.
- Adherence to security frameworks such as NESA, CIS, NIST, SOC2, and ISO.
- Knowledge of information security regulations including NY DFS CRR 500, FFIEC, RBI Cyber Security Framework, HKMA CRAF, and SPM.
- Familiarity with information security governance frameworks such as ISO 27001, NIST 800 series, COBIT, and SABSA.
Problem Solving:
- Demonstrate strong analytical thinking to resolve complex problems and validate risk-based solutions.
- Stay on the cutting edge of digital technology by addressing issues and developing solutions that mitigate risk to acceptable levels.
- Conduct root cause analysis and provide solutions for problem remediation.
- Enable agile frameworks and technology solutions for proactive management of the digital ecosystem.
- Lead the implementation of effective change management for new solutions or corrective actions.
- Assess business impact for security problems.
Decision Making Authority & Responsibility:
- Make recommendations and influence decisions to implement risk-based security solutions.
- Evaluate and validate relevant cloud and digital solutions/technologies, including on-prem IT infrastructure.
- Prepare Application and Digital Reference Architecture for IT infrastructure platforms.
- Lead proof-of-concept (PoC) evaluations for cybersecurity solutions/technologies and submit recommendations to senior management.
- Influence policy adherence, regulation applicability, scoping, and control decisions.
- Review and attest to the design of security controls.
- Conduct cost-benefit analysis (ROI) in risk and control decisions.