Security Architect

The Security Architect is responsible for designing and implementing comprehensive frameworks to assess and enhance application controls across the organization. This role ensures that critical applications are resilient to security threats by embedding robust controls into the architecture and aligning them with regulatory, compliance, and organizational standards. The Architect will play a pivotal role in shaping the security posture of enterprise applications through the development of security controls, conducting control gap assessments, and driving the adoption of secure application practices across the organization.

Key Responsibilities:

• Design and implement application control frameworks and secure architectural patterns for enterprise applications.
• Develop and apply methodologies for conducting application control risk assessments.
• Architect solutions to mitigate application vulnerabilities and enhance application resilience.
• Align application controls with regulatory requirements such as PCI DSS, NIST 800-53, ISO 27001.
• Drive the development and execution of application control frameworks, collaborating with vendors and internal teams.
• Design application control patterns to meet audit and compliance standards.
• Architect automated frameworks for continuous application control assessments and monitoring.
• Develop detailed assessment reports and remediation plans in collaboration with relevant stakeholders.
• Provide regular reports to senior management on the effectiveness of controls, gaps, and improvements.
• Manage an annual self-assessment calendar to ensure application owners regularly perform control assessments, track results, and drive remediation efforts.

Operating Environment and Working Relationships:

• Operate within established security frameworks, policies, and procedures to ensure consistent and compliant practices across all security activities.
• Navigate a dynamic and evolving IT environment, integrating security measures across diverse systems and technologies while staying adaptive to emerging threats and regulatory changes.
• Maintain strong working relationships with cross-functional teams, external vendors, and senior management.
• Adhere to security frameworks such as NESA, CIS, NIST, SOC2, and ISO.

Problem Solving:

• Conduct thorough analysis and root cause investigations for security issues and vulnerabilities.
• Develop root cause analysis and devise practical solutions for problem remediation.
• Implement effective change management processes to adopt new security solutions or corrective actions.
• Leverage a deep understanding of the IS ecosystem to assess the business impact of security problems and devise mitigation strategies.

Decision-Making Authority & Responsibility:

• Develop and maintain key security metrics related to vulnerabilities identified during assessments.
• Contribute to the development of Security Reference Architecture for information security platforms.
• Work with minimal supervision and collaborate effectively with peers and senior management.
• Contribute to policy preparation, regulation applicability, scoping, and decision-making for security controls.
• Prepare cybersecurity control designs for information security solutions across the organization.

Requirements

• A Graduate or Post Graduate degree in Science, Engineering, IT, or a related field.
• At least one certification in CISSP, CCSK, CCSP, or Azure Security.
• Results-oriented with a high level of energy, self-motivation, and strong leadership and teamwork skills.
• Proven experience in managing application control assessments, vulnerability management, and architecture design (8+ years of experience, with a minimum of 5 years specifically in these areas).
• In-depth knowledge of regulatory standards such as PCI DSS, NESA, RBI, and international compliance requirements.
• Strong understanding of risk management principles, methodologies, and strategies for risk assessment and mitigation.
• Knowledge of threat modeling techniques to identify and address potential security threats.
• Strong analytical skills to assess security risks, conduct reviews, and evaluate compliance.
• Excellent verbal and written communication skills for preparing reports, interacting with stakeholders, and delivering presentations.
• Familiarity with cloud platforms such as Azure, AWS, and OCI.