Senior Security Architect

Title: Senior Security Architect

Location: Bangalore

Experience: 14+ years

Job Description:

The Senior Security Architect, reporting to the Cluster Head of Application Security Architecture, is responsible for leading activities related to governing the security of application architectures. This role involves conducting threat modeling, Control gap assessments, overseeing IT security reviews, and ensuring that all applications comply with established security standards. Architect collaborates with development teams to integrate security into the software development lifecycle and supports the approval process for go-lives, ensuring that security requirements are met.

Key Accountabilities:

Ensure cybersecurity designs for systems and networks with multilevel security requirements

Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines.

Perform security reviews, identify gaps in security architecture, and develop a security risk management plan

Provide input on security requirements to be included in statements of work and other appropriate procurement documents.

Provide input to the Risk Management Framework process activities and related documentation

Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.

Evaluate security architectures and designs to determine the adequacy of security design and architecture

Analyze user needs and requirements to plan architecture.

Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately

Manage application security framework improvements

Implements tools and strategies to ensure the successful implementation of the Application Security Program

Communicates effectively with lines of business and clients to address complex information security issues.

Reviews documentation created by team members and peers to provide constructive feedback.

Prepares and reviews activity reports as requested by management.

Develops and ensures services in response to various risks and threats.

Review state-of-the-art technology solutions and innovative information security management techniques to safeguard organizational assets.

Ensure RTB (Run The Bank) and CTB (Change The Bank) activities are meticulously planned, including operational continuity, resource allocation, and compliance for RTB, and detailed project management, risk assessment, and change control for CTB. Coordinate with cross-functional teams to integrate and execute these activities effectively

Operating Environment, Framework and Boundaries, Working Relationships

Knowledge and working relationship with different teams in Technology Operations, Business Technology, Audit, International Banking, Information Security Team, etc.

Cloud and Digital Ecosystem, Microservices and Open API Framework, Blockchain related technology

Enterprise Infrastructure, Business Technology, and related Application

Security frameworks such as NESA, CIS, NIST, SOC2, ISO

Information Security regulations: NY DFS CRR 500, FFIEC, RBI Cyber Security Framework, HKMA CRAF and SPM

Information Security governance frameworks such as ISO27001, NIST 800 series, COBIT, SABSA etc.

Problem Solving

Analytical thinking and ability to analyze complex problems, consult when needed and validate risk-based solutions.

Problem resolution to stay on the cutting edge of digital technology

Ability to do issue analysis and root cause of problem. Ability to consult and provide digital solutions to technology and business that mitigates/reduce the risk to acceptable level.

Ability to prepare root cause analysis and devise solutions for problem remediation. Ability to enable agile framework, technology solution and processes for proactive management of the Digital ecosystem

Implementation and effective change management for the new solution or corrective actions

Understanding to prepare business impact for problems

Decision Making Authority & Responsibility

Recommendation and influence on decisions to implement risk-based solutions

Evaluation of relevant solutions/technologies

Responsible for Validating any proposed security solutions to mitigate cloud & digital risks and on-prem IT infrastructure

Evaluates and certifies relevant cloud solutions/technologies and technology solutions

Prepares Application and Digital Reference Architecture for Client's IT infrastructure platforms

Coordinates PoC of relevant Cybersecurity solutions/technologies and submits recommendation to senior managers.

Influences policy adherence, regulation applicability, scoping and control decision.

Ability to review and attest controls design

Cost-benefits analysis (ROI) in risk and control decision.

Knowledge, Skills and Experience

14+ years of experience in security architecture with threat modeling and architecture review.

Professional security certifications such as CISSP, CCSP, ISSAP (at least one) is good to have.

Deep understanding of technologies and architecture in a highly scalable and available set-up.

Deep understanding & expertise with highly transactional, large relational and complex systems

Above 12 years of experience with technology depth as well as good people skills

Good understanding of the Software Development Life Cycle Methodologies such as Waterfall, Agile, CI/CD, DevSecOps.

Exposure to the Application Security Vulnerabilities (OWASP Top 10)

Good Knowledge and familiarity with Operating system administration Windows & Linux