- Offer guidance, best practices, and support across businesses to drive awareness and understanding of the technology risk and controls framework and challenges to compliance with it.
- Develops and administers the solutions and detective controls that meet system expectations relative to scalability, performance, fault tolerance, usability, and data integrity.
- Delivers solutions that meet end user expectations relative to performance, usability and security for the Data Protection Engineering and Architecture function.
- Determining operational feasibility by evaluating analysis, problem definition, requirements, solution development, and proposed solutions.
- Collaborating with Enterprise Architecture organization as needed.
- Reviewing documentation, processes or procedures, and recommending where automation or improvements can be implemented.
- Operating independently; has in-depth knowledge of business unit/function; accomplishes engineering and organization mission by completing related results as needed.
- Lead Application risk reviews and assessments, identifying threats, communicating with Application teams and stakeholders to define risk treatment activities.
- Act as an InfoSec subject matter expert, primarily focused on cloud application security across the Bank’s core technology within Azure & AWS cloud platforms.
- Maintain specialist knowledge in assigned security processes, systems or frameworks
- Represent Information Security with Business stakeholders as a trusted advisor, finding pragmatic and cost-effective security solutions that efficiently support customer needs.
Skills & Qualifications:
- Security & Technology experience across a broad range of architectures. Security Architecture experience, with hands-on experience designing and delivering technology solutions.
- Experience in the area of technology risk. Successful candidate is likely to have held roles such as Security Risk Consultant, Risk Consultant, Information or IT Security Risk Manager, IT Audit Manager, IT Incident Manager or Security Analyst.
- Extensive experience with cloud technology, including hybrid environments and security-from-the-start design (SSDLC)
- Experience conducting architecture reviews to find and evaluate application and infrastructure security risks using Threat Modelling methodologies (e.g. STRIDE)
- Extensive experience in developing and implementing detective controls using Regular Expressions etc.
- Relevant technical qualifications such as CRISC, CISM, CISA, CISSP, AWS Certified Security etc;
- Relevant business experience/qualifications/knowledge: Expertise established in assessing and articulating technology and/or security risk in the context of various other operational risks and challenges facing the organization.
- Information Security subject matter expert in multiple cloud technology areas such as M365, Azure (Identity, Security and Compliance), Wiz, Defender, Azure DevOps, Azure IaaS, SaaS etc.
- Solid, practical and demonstrable experience of information security (technical and non-technical aspects), ideally with an understanding of privacy & Data Management;
- Able to influence decision making to surface and mitigate issues and risks across a wide range of stakeholders;
- Positive and collaborative; builds and maintains effective relationships with others
- Pragmatic, and effectively balances risk and control requirements with commercial drivers;
- Ability to articulate and document security requirements and risks so that they are accurate, auditable and understandable;
- Ability to solve problems creatively and effectively
- Plan, organise and prioritise tasks and projects effectively