Senior Security Architect

Job Description

Organisation Unit Purpose

The unit (aka Chapter) is responsible for building, implementing, and enforcing common structures and guidelines for enterprise architecture and solutions practices, standards, emerged patterns, and technologies to enable world-class solutions delivery and build resilient, agile, and secured architecture landscape aligned with the business strategy.

Achieve a high level of performance and quality in delivering architecture solutions that provide exceptional business value to internal users and customers as well as ensuring common architectural standards across the Group. The chapter maintains all architectural blueprints and architects working in agile, platform, Infrastructure & data teams across Group IT

The Senior Security Architect (SSEA) reports to the Head of Architecture but is also accountable to the Delivery Head & Lead in the business / functional domain (aka Matrix Manager) that is being served. The SSEA is expected to possess deep technical expertise, potential leadership qualities & be solution oriented.

The below competencies are specific and targeted towards Customer Facing Mobile Apps and its associated eco-system, processes, and integrated components.

1. Domain Competencies

At least 3-5 years of technology experience & working knowledge of Banking Mobile Apps, their unique security features & API integration

3-5 years’ experience in securing IOS & Android Mobile Apps and its associated ecosystem. Must understand the nitty-gritties of IOS & Android native controls as well as Third Party components that have the potential to make the mobile app more secure.

Extensive knowledge and experience with designing and proposing solutions that combat Digital Fraud that typically takes place via Banking Mobile Apps

Deep knowledge of how to implement key controls for Mobile Apps especially on Native Apps and APIs (both Ingress & Egress)

Deep knowledge and / or Experience with Threat Modeling Banking Mobile Apps & it’s integrated ecosystem.

Deep knowledge and / or experience with prescribing balanced Security Requirements for Banking Mobile Apps & it’s integrated ecosystem.

Deep understanding of global and regional regulatory requirements related to banking and financial services (e.g., PCI-DSS).

Experience in implementing security solutions to ensure that Banking Mobile Apps comply with regulatory requirements and / or have minimal risks prior product releases.

Knowledge of API Security Standards implementation for secure interoperability between different banking systems

Deep knowledge and experience with designing & proposing People, Process & Technology controls to ensure secure build, deployment and distribution (to App Stores) of Banking Mobile Apps.

Ability to assess and integrate third-party technology solutions into Banking Mobile Apps from a security perspective.

Understanding of Retail Banking Mobile App offerings, products, and processes

Familiarity with emerging banking technologies and trends (e.g., blockchain, digital currencies, e-checks, ML)

Knowledge & experience integrating industry best practice Fraud Management solutions for Banking Mobile Apps.

2. Technical Competencies

Deep understanding of conducting Data Classification & Asset Valuation activities

Knowledge of conducting Threat Modeling using frameworks of choice

Deep understanding of Application Security (OWASP Top 10 or similar), API Security & Mobile Security (Mobile OWASP Top 10)

Deep understanding of Infrastructure Security including but not limited to Containers, Virtual Machines, Operating Systems, Databases, and Interfaces such as payment switches, APIs, event-streaming systems, file transfer systems.

Experience with end-end to security requirements and solutioning via collaboration with peer architects, tech leads and associated stakeholders.

Experience in Development of standards, patterns, and best practices for reuse. Promotion of design adherence to bank policies, standards, architectural principles, and guidelines

Must be able to create security solution-oriented presentations for Senior Technical and / or Business Leaders

Must be able to tailor language and communication based on the audience

3. Behavioural Competencies :

Delivery focused while ensuring the right balance of Customer Experience, Business Requirements, Performance, Reliability & Security

High energy, enthusiasm & passion

Excellent analytical & critical thinking skills.

Excellent stakeholder, time management & expectation management skills

Autonomous decision-making ability with minimal guidance

High learning potential

Ability to coach & mentor associate / junior architects.

Requirements

Core Objectives & Key Results (OKRs) :

Conduct Data Classification, Asset Valuation, Threat Modelling, Security Requirements & Patterns within realistically agreed timelines

Influence squads / teams to implement secure design to ensure risk reduction of the product before release & in the long run.

Deliver secure solutions within realistically agreed timelines.

Optimize Shift-Left processes within the team.

Ensure seamless governance within realistically agreed timelines.

Run education, socialisation, and awareness workshops with squad / tribe members and / or peers.

Do specialized technical or soft skill learning courses and / or achieve certifications.

Excel at Collaboration, Ownership, Drive & Enterprising (CODE) values

Coach & mentor associate architects to improve the quality of the team and the product.

Introduce & implement innovative ways of working to deliver value within squads.

Engage in Stretch Assignments / Goldilocks Tasks to contribute value to the organization

Requirements

Saas