Security Architect – Anti-Financial Crime

Job Category: Security Architect - Anti-Financial Crime
Job Type: Full Time
Job Location: Bucharest

Role Responsibilities

  • Design, build and implement enterprise-class security systems for a production environment
  • Align standards, frameworks and security with overall business and technology strategy
  • Identify and communicate current and emerging security threats
  • Design security architecture elements to mitigate threats as they emerge
  • Create solutions that balance business requirements with information and cyber security requirements
  • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
  • Use current programming language and technologies to writes code, complete programming and performs testing and debugging of applications
  • Train users in implementation or conversion of systems
  • Derive the IT Security strategy from the overall Chief Information Security Office (CISO) strategy and requirements and translates this into an operational plan for delivery for their area of responsibility
  • Act as point of escalation for IT Security issues and exceptions.
  • In relation to the IT Assets, processes within their scope of responsibility they:
    • Drive integration of Chief Information Security Office Initiatives, programs and central solutions and ensure alignment with the divisional portfolios.
    • Ensure effective and efficient communication, coordination and implementation of CISO IT Security requirements and decisions
    • Are responsible for the adoption of centrally mandated Security Solutions and the maintenance of technical security documentation and compliance to security controls.
    • Are the recognized expert in Information Security Policies and procedures and their implementation in relation to technologies.
    • Proactively manages IT audits and plan (in co-operation with COO IT management) preparation and remediation.
    • Ensure appropriate senior management awareness/oversight of follow-up on action items to resolve identified issues, e.g. information security reviews of vendors, audit issue resolution.
    • Spearhead independent reviews of IT Security Controls, prioritise identified issues and assesses remediation actions for quality, considering the optimal cost-risk ratio as well the strategically optimal resolution (e.g. Information Security control evaluation and respective follow up activities).
    • Verify remediation concepts for critical and systemic issues and monitors their execution according to plan and with quality.
  • Partner with key stakeholders (Chief BISOs and IT management etc.) to act as mediator and subject matter expert for them on Information Technology Security topics. Ensure a common understanding of Information Technology Security risks and their implications for the Group and for their scope of responsibility.

Experience and Exposure

Experience of 10-15 years in:

  • Security architecture, demonstrating solutions delivery, principles and emerging technologies – Designing and implementing security solutions. This includes continuous monitoring and making improvements to those solutions, working with an information security team.
  • Consulting and engineering in the development and design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.
  • Security considerations of cloud computing: They include data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks.
  • Identity and access management (IAM) – the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources.
  • Experience with and knowledge of:
  • VB.NET, Java/J2EE, ColdFusion, API/web services, scripting languages and a relational database management system (RDBMS) such as MS SQL Server or Oracle. These are some of the technical elements needed to build security into an organization.
  • ISO27001 – specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organization’s risk management
  • Control Objectives for Information and Related Technologies (COBIT)
  • Windows and UNIX environment.
  • General skills include:
  • Exceptional communication skills with diverse audiences – Strong critical thinking and analytical skills
  • Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments
  • Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
  • The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background

Education/Certification

  • Degree in Information Security or a comparable education
  • In addition, the following education/certification attainment will be beneficial:
    • CISSP (Certified Information Systems Security Professional) or equivalent.
    • ISSMP (Information Systems Security Management Professional).
    • CISM (Certified Information Security Manager) or equivalent.

Apply for this position

Allowed Type(s): .pdf, .doc, .docx