Job Accountability :
Gaining an understanding of our Current State and Target State Architecture and then working to define a strategy for our technical direction around security.
Owner of an application/solution or a feature within the application/solution
Responsible for leading infrastructure assessments, making decisions on threat modeling and proper security service design and implementation.
Acts as expert for infrastructure teams in the plan, design, and delivery of IT solutions
Defines and communicates a shared technical and architectural vision (including infra)
Technical expertise in multiple disciplines within IT Infrastructure and Information Security, including: networking, virtualization, cloud computing, application security & databases
Provide security architecture and advice in support of application security, IT infrastructure, and enterprise technology projects to ensure the integrity of the bank is protected.
Consult with the Enteprise Architecture practice to ensure that the service is aligned with FAB architectural patterns
Ensure that SDLC procedures defined for Requirements and Solution Design within the domain/service/application/feature are followed.
Document quality procedures for the service
Define, document and implement the infra & security architecture for the IT projects including but not limited to the following
1. Authentication & authorization
2. Account administration controls (provisioning, segregation of duties, validation, attestation, etc.)
3. Auditing of critical security related events
4. Confidentiality, Integrity, and Availability of the system and data.
Ensure that talent is continual brought into the team through facilitating interviewing new team members including on boarding
Ensure that all performance and career based activities, conversations and artefacts are prepared together with the individuals, such as; Development Plan
Share knowledge through Code Reviews and Communities of Practise opportunities across the Service
Qualifications Required:
Minimum 10-15 years overall experience in IT starting with the hands-on engineering positions
2-5 years’ experience doing practical design or architecture within the specialization (solutions, infrastructure, network, security, etc.)
Act as a technical focal point for complex network and security design/solution
Act as a technical SME during the product/solution evalution and implementation for network & security tools
Must have experience around Enterprise Security Architecture Security, Security Strategy and Compliance Consulting Experience creating and audit of security best practices and implementation of security principles across the organization , to meet business goals along with customer and regulatory requirements,
Understanding of compliance regulatory requirements like ISO,PCI DSS, NESA etc.,
Must have experience around design of security controls and product best fit analysis to ensure end to end security covering different areas of security architecture :
o Layered Security
o Zoning
o Integration aspects
o API Security
o Endpoint Security
o Data Security
o Compliance and regulations
o Threat Intelligence
o Threat Exposure & Incident Management aspects
Must Possess strong presentation , written and verbal communication skills
Industry Security Certifications like CCIE,CISSP, CISA, CISM, CSRIC, TOGAF,SABSA etc., are preferred
Good Understanding & Must have experience in implementing Cloud Security Controls
Good Understanding of Cloud Platforms like Azure, Oracle, Google,AWS etc.,
Good Understanding of Dockers, Containers and Kubernetes
Good Understanding of SDN technologies like ACI.
Good Understanding of REST, SOAP Protocols, Web services etc.,
Good Understanding of Symmetric and Asymmetric Cryptography algorithms.
Hands on Experience on Multi-vendor firewalls and other security technologies ( Firewalls, Web Proxy, Email Gate, Endpoint Security etc..)
Knowledge and experience in requirements traceability throughout the design phase, including functional and non-functional requirements
Ability and experience in translating functional and non-functional requirements into solution/feature/component design and service architecture
Can create a high-level and low-level design (functional and non-functional) of a single or a small collection of components or a small end-to-end service
Conducts / participates in code reviews, identifies bug root causes, and finds a workable solution
Participates in Communities
Proactively addresses issues discovered in the software components, infrastructure and scripts in the various environments