Job Description

Job Summary (Senior Security Architect) List Format
Purpose:
- Lead governance of application security architecture.
- Conduct threat modeling and control gap assessments.
- Oversee IT security reviews and ensure application compliance with security standards.
- Collaborate with development teams to integrate security into the SDLC.
- Support go-live approval processes, ensuring security requirements are met.
Key Responsibilities:
- Design and review cybersecurity for systems and networks with multilevel security needs.
- Ensure acquired/developed systems align with organizational security architecture.
- Identify and address security gaps; develop security risk management plans.
- Provide security input for procurement and statements of work.
- Contribute to Risk Management Framework activities and documentation.
- Document impacts of new systems/interfaces on security posture.
- Evaluate and enhance security architecture/designs.
- Analyze user needs to inform architecture planning.
- Define and document required security controls for information systems/networks.
- Manage and improve application security frameworks.
- Implement tools and strategies for Application Security Program.
- Communicate with business lines and clients on complex security issues.
- Review and provide feedback on team documentation.
- Prepare management reports and activity updates.
- Develop and deliver services addressing risk and threats.
- Assess new technologies and information security management techniques.
- Ensure RTB (Run The Bank) and CTB (Change The Bank) activities are properly planned and executed, coordinating with cross-functional teams.
Working Environment and Relationships:
- Collaborate with Technology Operations, Business Technology, Audit, InfoSec, International Banking, etc.
- Work with cloud, microservices, open APIs, blockchain, enterprise infrastructure.
- Apply knowledge of security frameworks (NESA, CIS, NIST, SOC2, ISO) and regulations (NY DFS, FFIEC, RBI, HKMA, etc.).
Problem Solving:
- Analyze complex security problems and develop/validate risk-based solutions.
- Perform root cause analysis and recommend remediation.
- Enable agile frameworks and proactive digital ecosystem management.
- Implement and manage changes for new/corrective solutions.
- Assess business impact of security issues.
Decision Making:
- Recommend and influence risk-based security solutions.
- Evaluate and validate proposed security technologies/solutions.
- Certify cloud and on-premise IT infrastructure security solutions.
- Prepare reference architectures for IT platforms.
- Coordinate PoCs and recommend cybersecurity solutions to management.
- Influence policy, regulation, and control decisions.
- Review and attest control designs.
- Conduct cost-benefit (ROI) analysis for risk/control decisions.
Skills and Experience:
- 14+ years in security architecture, including threat modeling and architecture review.
- Security certifications (CISSP, CCSP, ISSAP) preferred.
- Strong understanding of scalable, highly available architectures.
- Experience with large, complex, transactional systems.
- 12+ years of technology and people management experience.
- Familiarity with SDLC methodologies (Waterfall, Agile, CI/CD, DevSecOps).
- Knowledge of application security vulnerabilities (OWASP Top 10).
- Proficiency in Windows & Linux administration.
---
Note: This list summarizes the key duties, skills, and requirements from the provided job description for a Senior Security Architect.

Skills Required