IT Security Lead Architect
Market Cloud
Employer Active
Posted 1 hrs ago
Nationality: Any Nationality
Gender: Not Mentioned
Vacancy: 1 Vacancy
Job Description
Roles & Responsibilities
Role Purpose
The Lead Security Architect, Omnichannel & Digital Commerce, is responsible for embedding security-by-design across the full omnichannel ecosystem, spanning digital channels (web, mobile, app), in-store systems, contact centre platforms, APIs, and the enterprise integration backbone. The role ensures that security architecture, controls, and governance are consistent, resilient, and compliant as customers and data move across all touchpoints and platforms, including Order Management Systems (OMS), MuleSoft, and Warehouse Management Systems (WMS). This individual serves as the primary security authority for digital programmes, working in close partnership with engineering, product, operations, and vendor teams. The role ensures security design is integrated with Group Security Operations capabilities for continuous monitoring, incident response, and risk management, and that it supports Group's broader security, compliance, and digital transformation objectives.
Key Accountabilities
Define and maintain the end-to-end omnichannel security architecture across OMS, MuleSoft integration layer, WMS, CRM, e-commerce platforms, POS, payment gateways and contact centre systems.
Embed security-by-design into all omnichannel/digital commerce programmes, ensuring security requirements are addressed from business design through to technical delivery.
Lead security design reviews and Design Authority participation for new capabilities, platform changes, and third-party integrations.
Develop and maintain security standards, patterns, and guardrails for integration architecture, API design, data exchange, and microservices.
Define and govern zero trust architecture principles across omnichannel and digital commerce environments.
Partner with engineering teams to implement OAuth 2.0, OIDC, SAML, and JWT across all service-to-service and customer-facing authentication flows.
Establish and enforce API security standards across all integration touchpoints, including REST, GraphQL, and event-driven APIs.
Define secure integration patterns for MuleSoft Anypoint Platform including API policies, mutual TLS, client credential management, and secrets vaulting.
Govern security of integrations between OMS, WMS, ERP, CRM, payment gateways, and logistics providers.
Review and validate API contracts, authentication models, data payloads, and error-handling behaviours for security risk.
Embed application security (AppSec) practices across all omnichannel digital delivery including secure code standards, SAST/DAST tooling, and OWASP guidance.
Conduct or oversee security architecture reviews for web, mobile, API, and integration components prior to go-live.
Ensure logging, monitoring, and anomaly detection are in place across all API gateways and integration buses, feeding into SIEM/SOC platforms.
Oversee third-party and SaaS vendor security evaluations.
Act as a conduit between omnichannel programme teams, the Group Information Security function, and governance forums to ensure alignment and transparency.
Core Knowledge & Experience
10+ years of information security experience, with at least 5+ years focused on security architecture and secure design.
Demonstrable experience securing omnichannel or digital commerce platforms across multiple touchpoints (web, mobile, app, store, contact centre).
Proven background in enterprise integration security, especially MuleSoft or comparable API management and integration platforms.
Strong understanding of OMS and WMS architectures (e.g. Fluent Commerce, Blue Yonder) and their security considerations.
Hands-on experience securing MuleSoft Anypoint Platform including API policies, client credentials, RBAC, secrets management, and network controls.
Practical experience embedding AppSec in SDLC including SAST, DAST, OWASP Top 10, secure code review, and threat modelling.
Expertise in API gateway security, OAuth 2.0, OIDC, JWT, rate limiting, input validation, and secrets management.
Experience in retail, luxury, or consumer goods organisations is highly advantageous.
Strong expertise in cloud platform security: AWS, Azure, or GCP including IAM, network segmentation, container security, and cloud-native controls.
Proven experience applying security-by-design methodologies in complex ERP transformation programs.
Experience with microservices security, Kubernetes/Docker environments.
Familiarity with e-commerce platforms (e.g. Salesforce Commerce Cloud, SAP Commerce tool) and their security models.
Understanding of PCI DSS controls for payment data and cardholder data environments across omnichannel/digital commerce flows.
Familiarity with ISO 27001 and NIST CSF and their application to commerce and fulfilment environments.
Preferred professional certifications:
- CISSP (Certified Information Systems Security Professional)
- SAP Certified Technology Associate System Security Architect
- TOGAF or SABSA (Security Architecture Certification)
- CISA or CISM (Information Systems Audit/Manager)
- AWS/Azure/GCP Security Specialty Certification
Desired Candidate Profile
Company Industry
Department / Functional Area
Keywords
- IT Security Lead Architect