Cybersecurity Architect

Title: Security Architect

Duration: 1 YEAR,CONTRACT

Location: REMOTE

JOB PURPOSE:

The Senior Security Architect, reporting to the Cluster Head of Application Security Architecture, is responsible for leading activities related to governing the security of application architectures. This role involves conducting threat modeling, Control gap assessments, overseeing IT security reviews, and ensuring that all applications comply with established security standards. Architect collaborates with development teams to integrate security into the software development lifecycle and supports the approval process for go-lives, ensuring that security requirements are met.

KEY RESULT AREA:

• Ensure cybersecurity designs for systems and networks with multilevel security requirements

• Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines.

• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan

• Provide input on security requirements to be included in statements of work and other appropriate procurement documents.

• Provide input to the Risk Management Framework process activities and related documentation

• Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.

• Evaluate security architectures and designs to determine the adequacy of security design and architecture

• Analyze user needs and requirements to plan architecture.

• Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately

• Manage application security framework improvements

• Implements tools and strategies to ensure the successful implementation of the Application Security Program

• Communicates effectively with lines of business and clients to address complex information security issues.

• Reviews documentation created by team members and peers to provide constructive feedback.

• Prepares and reviews activity reports as requested by management.

• Develops and ensures services in response to various risks and threats.

• Review state-of-the-art technology solutions and innovative information security management techniques to safeguard organizational assets.

• Ensure RTB (Run The Bank) and CTB (Change The Bank) activities are meticulously planned, including operational continuity, resource allocation, and compliance for RTB, and detailed project management, risk assessment, and change control for CTB. Coordinate with cross-functional teams to integrate and execute these activities effectively

OPERATING ENVIRONMENT, FRAMEWORK and BOUNDARIES, WORKING RELATIONSHIPS

• Knowledge and working relationship with different teams in Technology Operations, Business Technology, Audit, International Banking, Information Security Team, etc.

• Cloud and Digital Ecosystem, Microservices and Open API Framework, Blockchain related technology

• Enterprise Infrastructure, Business Technology, and related Application

• Security frameworks such as NESA, CIS, NIST, SOC2, ISO

• Information Security regulations: NY DFS CRR 500, FFIEC, RBI Cyber Security Framework, HKMA CRAF and SPM

• Information Security governance frameworks such as ISO27001, NIST 800 series, COBIT, SABSA etc

PROBLEM SOLVING

• Analytical thinking and ability to analyze complex problems, consult when needed and validate risk-based solutions.

• Problem resolution to stay on the cutting edge of digital technology

• Ability to do issue analysis and root cause of problem. Ability to consult and provide digital solutions to technology and business that mitigates/reduce the risk to acceptable level.

• Ability to prepare root cause analysis and devise solutions for problem remediation. Ability to enable agile framework, technology solution and processes for proactive management of the Digital ecosystem

• Implementation and effective change management for the new solution or corrective actions

• Understanding to prepare business impact for problems

DECISION MAKING AUTHORITY AND RESPONSIBILITY

• Recommendation and influence on decisions to implement risk-based solutions

• Evaluation of relevant solutions/technologies

• Responsible for Validating any proposed security solutions to mitigate cloud & digital risks and on-prem IT infrastructure

• Evaluates and certifies relevant cloud solutions/technologies and technology solutions

• Prepares Application and Digital Reference Architecture for Mashreq’s IT infrastructure platforms

• Coordinates PoC of relevant Cybersecurity solutions/technologies and submits recommendation to senior managers.

• Influences policy adherence, regulation applicability, scoping and control decision.

• Ability to review and attest controls design

• Cost-benefits analysis (ROI) in risk and control decision.

KNOWLEDGE,SKILLS AND EXPERIENCE

• 14+ years of experience in security architecture with threat modeling and architecture review.

• Professional security certifications such as CISSP, CCSP, ISSAP (at least one) is good to have.

• Deep understanding of technologies and architecture in a highly scalable and available set-up.

• Deep understanding & expertise with highly transactional, large relational and complex systems

• Above 12 years of experience with technology depth as well as good people skills

• Good understanding of the Software Development Life Cycle Methodologies such as Waterfall, Agile, CI/CD, DevSecOps.

• Exposure to the Application Security Vulnerabilities (OWASP Top 10)

• Good Knowledge and familiarity with Operating system administration – Windows & Linux