Senior Security Architect

Bank ABC

The Senior Security Architect will identify IT threats and vulnerabilities, design and build robust security architectures and serve as the "security point person" for technical and business security concerns.

The job holder will be architecting and managing change and implementation with existing and new technologies, reusing when appropriate and implementing when required.

The job requires in-depth knowledge and hard skills (e.g. secure cloud architecture, cryptographic practices, protocols, network and platform security etc.) as well as strong soft skills (e.g. communication and presentation skills, stakeholder management) and a good amount of hands-on previous work experience demonstrating these.

Principal Responsibilities, Accountabilities and Deliverables of Role

Research & Planning:

• Plan, research and design robust enterprise-wide security architectures for any IT or business projects aligned with industry frameworks (e.g. SABSA, TOGAF, NIST, CSA, ISO 27001)
• Develop threat use cases / scenarios to clearly depict threats to security architecture.
• Aligning new security solutions with existing technologies and designing and planning integration.
• Lead and coordinate assessment of existing and target / implemented architecture.

Cost, Planning, Project Management:

• Prepare cost estimates and identify integration issues for solutions and architectures
• Develop and maintain security reference architectures and roadmaps

Engineering:

• Understanding of Security Engineering outputs and able to oversee and incorporate into security planning
• Able to incorporate security measures into the existing, resultant or target architecture.
• Collaborate with DevOps, Cloud, and IT teams to embed security into CI/CD pipelines and infrastructure (DevSecOps)

Designing:

• Define and maintain technical security patterns for secure systems and applications
• Design high level and low-level security architecture to meet business and technical requirements
• Design public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures
• Identify and reuse security solutions and consider integration with other tools when designing security solutions.

Implementation:

• Coordinating the installation of security solutions and managing the configuration of said solutions.
• Identifying opportunities to automate processes and activities and coordinating implementation of automation.
• Identifying gaps in architecture and addressing these gaps through defining security requirements based on threat landscape / assessment.

Testing & Assessments:

• Coordinate the testing of security solutions
• Conduct threat modelling, risk assessments, and security architecture reviews.

Training & Knowledge share:

• Expert knowledge in cryptography and Cloud Security solutions and able to research and understand new solutions.
• Expert knowledge of, and hands on experience in, securing AWS, Azure and GCP.

Governance:

• Define, implement and maintain corporate security policies and procedures
• Monitor issues / remediation activities to ensure gap closure to fulfil security control objectives and meet mandatory external requirements.
• Be informed of changes to industry best practices, changes in architecture (e.g. Cloud) and work with third parties, vendors and the wider bank to design relevant security controls.
• Coordinate with other members of Group IT, Cyber & Information Security, and end user departments to sustain appropriate technical and procedural controls to support the industry mandatory security objectives.

Strategies:

• Develop and own a security strategy and deliver end-to-end including planning and roadmap development.

Incident Management:

• Support incident response and security operations by providing architectural insights.

Architecture Documentation:

• Design and develop high level security architecture documents.
• Develop architecture patterns to address multiple / differing use cases.
• Develop and enhance Architecture Building Blocks (ABBs) and Solution Building Blocks (SBBs) and design architectures mapping to these building blocks
• Write comprehensive reports including documenting existing architecture and defining baseline and target architecture in terms of components, integration and capabilities, and aligning with business requirements.
• Prepare and document standard operating procedures and protocols.
• Prepare technical and business architecture documentation, as per the defined frequency, and keep it in a clear way to support the Bank and ensure it remains compliant all year round.
• Work in a team environment to educate and analyse security architectures and help develop other activities for reviewing and monitoring mandatory security controls.

Product Responsibilities:

• Will be the Product Owner, supporting the senior security architect in Product Owner responsibilities regarding specific security tools under the remit of the team.
• Will be the Product Owner for Microsoft security solutions with hand-on experience of MS Purview, Azure, AWS Security stack and security solutions, ensuring correct configuration, issues identified and resolved, develop processes/procedures and follow up on alerts
• Will be the Product Owner for HSM solution, ensuring correct configuration, issues identified and resolved, develop processes/procedures and manage associated activities (key life cycle management)
• Will be the Product Owner for Microsoft AIP solution, ensuring correct configuration, issues identified and resolved, develop processes/procedures and manage associated activities (classification labelling, handling DLP alerts)
• Will be the Product Owner for Bluecoat proxy / Fireglass solution, ensuring correct configuration, issues identified and resolved, define policies, develop processes/procedures and manage associated activities.