Head of Security Program, Architecture & Assurance

Job Description

<p>Responsible for defining and assessing the bank’s security strategy, architecture, and practices in addition to ensuring the security and integrity of the Bank’s information and technology infrastructure.</p><p> </p><p><strong>Job Summary and Responsibilities:</strong></p><ul><li>Develops and maintains a security architecture process that enables to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.</li><li>Develops security strategy plans and roadmaps based on sound enterprise architecture practices.</li><li>Establishes procedures — including escalations — for when indicators of compromise (IOCs) are discovered in conjunction with security operations center (SOC) colleagues. </li><li>Drafts security procedures and standards to be reviewed and approved by executive management.</li><li>Tracks developments and changes in the IT and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts (IT Infrastructure, reference architecture, security configuration and tools such as (IPSs, WAF, Antimalware, Endpoint Protection, Firewalls, Threat modeling, DevSecOps) </li><li>Reviews and assess security and infrastructure logs for indicators of compromise or other anomalous behavior within networks, applications, or user profiles.</li><li>Ensures that a complete, accurate and valid inventory of all systems, infrastructure and applications is conducted that should be logged by the security information and event management (SIEM) or log management tool.</li></ul><p> </p><p><strong>Required Experience </strong></p><ul><li>Bachelor’s degree in computer science, information systems, cybersecurity, or any equivalent field.</li><li>12+ Years experience</li><li>Regulatory, Standards and Frameworks such as PCI-DSS, GDPR, COBIT, NIST and ISO</li><li>Banking &amp; Financial Services Industry Experience </li><li>Certification Preferential: ISC2’s CISSP, ISACA’s CISM, ISACA’s CISA, The Open Group’s TOGAF, SANS’ GAIC, IAPP’s CIPT</li></ul><p></p>