Security Architect (Technology Operations Risk)

Brilliant security architect role in an investment bank!
Your new company
The company is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.

Your new role
The IT Security Architecture (SecArch) team is part of the Technology Operations Risk (TOR) organization. The mission of the SecArch team is to provide security design, security consulting and security assessments of technology systems and processes to identify business risks and recommend remedial action based on established security standards or security best practices.The Security Architecture works with team members (IT, Business, Suppliers, Stakeholders and Partners) globally to perform SecArch assessments.

Your responsibilities:
  1. Co-design security architecture of various IT solutions along with domain architects and designers
  2. Drive SecArch deep dives with the requestor of the assessment
  3. Conduct assessment and provide technology risk/requirements to the requestor. Areas covered:
    1. AAA – Authentication, Authorization, Auditing
    2. Application Security – Session Security, Vulnerability/Pen Testing items, Input Validation
    3. Secure data transport and storage
  4. Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
  5. Participate in various Operational and Technology Risk governance processes
  6. Assist in identifying new areas and opportunities of technology investment for the firm

What you'll need to succeed
Security Architecture Skills
  1. Required – Hands-on Security Design experience in one or two of the following domains: Compute, Storage, Network, End User Technology, Enterprise Security Platform, Mobile, Cloud infrastructure.
  2. Required – In depth knowledge of application, network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers
  3. Required – Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buy-in.
  4. Required – Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
  5. Required – The candidate must have working experience in the following application/network security domains:
    1. Authentication: SAML, SiteMinder, Kerberos, OpenID
    2. Entitlements and identity management
    3. Data protection, data leakage prevention and secure data transfer and storage
    4. App Security - validation checking, software attack methodologies
    5. Cryptography – encryption and hashing

Development Experience
  1. Required – In-depth knowledge of web technologies such as Web Browsers, Web Servers, Web Services

Other Areas of Expertise
  1. Database design and programming experience
  2. Experience of liaising with 3rd Party Entities (exchanges, suppliers, regulators)
  3. Experience in conducting and / or reviewing penetration tests, dynamic vulnerability assessments and static vulnerability assessments
  4. Understanding of geographic regulations and their impact on Security assessments
  5. Previous experience in Financial Services is preferred
  6. CISSP or other industry qualification

What you'll get in return
  • The opportunity to work in a leading investment bank
  • The opportunity to collaborate with like-minded individuals
  • The career development opportunities working in a fast-paced environment

What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career. #1230770


Job Type
Banking & Financial Services
Banking and Financial Services

Talk to a consultant

Talk to Raven Bassi, the specialist consultant managing this position, located in Hong Kong
6604-06,66/F, ICC, 1 Austin Road West, West Kowloon

Telephone: +60376118600