Job Description

The Senior IT Security Architect is a seasoned professional with a strong expertise on Data management. He/she will participate to IT projects security reviews conducted both on a global and local basis across all platforms. This requires the incumbent to foster close working relationships with other business areas and IT Development/Production teams. The incumbent will work hand in hand with the IT Dev and Prod teams and the business, as an enabler and a facilitator, in an Agile mindset. Main Responsibilities IT security compliance (APAC scope)

• Ensure the alignment with the Group and GAIM security policies, for both project and production assets
• Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA)
• Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x , ensure the compliance with the IT security requirements
• Ensure the compliance with the Third-party Technology risks and the Cloud security

IT Security architecture

• Conduct planning, researching, and designing security architectures
• Review, and approve the security requirements for applications and IT setup
• Ensure the compliance level of the applications with the Security architecture standards including Third-party and cloud security risks
• Ensure the protection of business data with an adequate level of security
• Identify and track potential IT security risks
• Provide reporting to senior management for awareness and action

IT Data Management and Data analytics/science technologies

• Keep up with the knowledge of Data security and protection regulatory landscape and related measures.
• Understand the Data analytics and data sciences technologies (data standard practices including products / cloud related solutions.
• Ensure the solutions of Data Management, Data analytics and data science solutions are implemented with the Group security architecture requirements (e.g. Tableau, PowerBI, AI and other Data analytics solutions). This would also include the development framework and environments highly used in DA landscape (R, Python, DevSecOps and API management)
• Identify the IT security risks in advance, record and follow-up them.
• Ensure the regular reporting management.

Ideal candidate

• 10 years' experience in information security and IT risk management.
• Experience in evaluation and design of technical architectures and processes
• Functional as well as technical knowledge of the common architecture and Cybersecurity frameworks and solutions
• Knowledge of the Norms and Standards of the banking and cybersecurity industry (MAS TRM, HKMA, NIST...)
• Experience with Data Analytics technologies knowledge (Datalake, Data science, Data processing/visualization)
• Technical knowledge of SQL
• Strong understanding of cybersecurity threats and remediation options and of IT risks management processes
• Very good written and oral communication skills with ability to communicate at all levels, from technical to conceptual levels.