FVP, Security Architect
Functional area: Business Technology Services
Employment type: Full-time
Job Type: Permanent
Security Architects is a senior technical role responsible to help GTO teams to design, deploy and operate IT systems with appropriate security controls in place to meet business goals along with customer and regulatory requirements. This role is part of CISO Office who is driving overall security strategy and practice in the bank.
- Determine and communicate security requirements for IT systems such as network, application, OS and data by evaluating business strategies and requirements, understanding the threat landscape, evaluating emerging technology, keeping awareness of industry standard and regulatory requirement, and conducting risk assessments.
- Plan and design enterprise security architecture covering protect, detect and response aspect of information security objectives.
- Develop and recommend security design frameworks and guidelines to help IT teams to build and ensure security throughout the system lifecycle.
- Identify security design gaps in existing or newly proposed system and recommend changes or enhancements.
- As security SME, provide security advisory service to IT and non-IT teams.
- Connect with industry and participate in industry forums and conferences. Maintain professional networks.
- Maintain personal and management awareness of technologies trends, innovations and issues.
- Degree in Information Security, Computer Science/Engineering or related discipline. Master Degree in Information Security or Computer Science is a plus.
- At least 12 years of IT experience, in which over 6 years are in the capacity of security architect preferably in a large BFSI environment with proven track record in building security solutions
- Deep understanding and experience of wide areas of security domains as well as enterprise architecture frameworks.
- Good understanding of the key IT aspects including strategic planning, application implementation & support, IT Infrastructure and operation, vendor management, IT audit, risk management and business continuity planning.
- Solid application security know-how, preferably banking applications.
- Good understanding of banking systems and operations.
- Experience with Secure SDLC, dynamic and static code analysis and application threat modeling.
- Familiar with the regulator requirement on information technologies areas for BFSIs.
- Relevant certifications such as CISSP, SABSA, TOGAF, ISSEP, CSSLP, SANS, ITIL would be advantages.
- Excellent written and verbal communication skills
- Ability to effectively interact with a broad cross-section of personnel to explain and enforce security controls
- Strong analytical and critical thinking skills
- Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments
- Able to work independently with minimum supervision
United Overseas Bank Ltd (UOB)