Security Architect

About the Role

Security Architect is a critical role ensuring security capabilities are adequately identified, specified, built into our foundational fabrics (Bank Infrastructure, Applications, etc.), operationalised and maintained effectively. As a part of a cloud native company, the Security Architect will be driving the modernisation of security practices and controls in a highly regulated environment.

The Security Architect will be the primary assessor and driver for the risk and controls built into new applications and systems and represents security in various architecture forums and committees. He ensures the highest standard is enforced across technology and processes.

Work Responsibilities

• Researching & developing Information Security Architecture
• Conducting regular review to update Information Security Architecture with current security controls technology & cyber security best practices
• Involving and provide recommendation in system development to provide recommendations regarding Security Architecture to mitigate the emerging threats
• Anticipating possible security threats and identifying system (infrastructure & application) security design weaknesses and recommending enhancements to secure the system
• Defining and reviewing Information Security Architecture roadmap & initiatives
• Promptly responding to all security incidents and providing thorough post-event analyses.

Job Requirements

• A recognized university degree in Computing, Information Technology or equivalent
• Has 8+ years demonstrable experience on information security architect or related, ideally with experience in building, automating or running security platforms
• Has 3+ years working experience cloud technologies such as GCP, AWS
• Has 2+ years experience in cloud security and knowledge of cloud security controls including tenant isolation, encryption at rest, encryption in transit, and various security controls.
• Has strong knowledge of security architecture principles, applicable to cloud-native designs, perimeter defenses, emerging threats, DDoS, secure configuration of hardware and software, vulnerability management, malware defenses, event log management, access controls, data loss prevention, incident response, penetration testing, cryptography, application security within the SDLC, agile, Devsecops and cloud security
• Knowledge and experience with identifying and understanding the most common application security vulnerabilities (OWASP Top 10).
• Must have certification in any of InfoSec or Cyber security eg. CEH, CISSP, ISSAP, CISM, CSSA, SABSA, etc.
• Familiar with Indonesia Bank regulations (POJK, BI) as well as PCI-DSS standards.
• Financial Services/ Banking industry experience.
• Excellent ability to communicate clearly and concisely technical solutions to stakeholders with varied profiles. (Bahasa, English)
• Fostering a culture of security consciousness across various teams.
• Capable of creating security documentation to support architecture decisions.

Leadership Competency

Individual Contributor