The IT Security Architect role requires designing, governing and testing applications or installations for the group.
The role will implement information security governance, standards, best practices, and concepts related to secure design, from business requirements to the go-live stage.
Lead the research and design of robust security architectures for projects.
Develop and implement standard security architecture principles and services to be consumed across the group.
Assess overall efficiency of security architecture and solution design controls and architect a plan for gap remediation.
Perform effective threat modelling & assessment of applications to depict and communicate information security threats effectively.
Work closely with technology stakeholders (especially Enterprise Architecture & Agile squad members) using DevOps & Agile methodology principles.
Key Accountabilities of the role:
Design and implement Secure (Web/Mobile) application Architectures:
Work closely with Enterprise/Data & Solution Architects to design and contribute to security and enterprise architecture strategy, principles & patterns/frameworks.
Go through the business requirement document and begin modelling threats around the data and mandate security requirements within the non-functional requirements (for both Waterfall & Agile Methodologies)
Deep involvement with agile and waterfall teams during feasibility study (RFP/RFQ stage), finalization of non-functional requirements, end to end design, user acceptance testing and pre-production activities. Perform technical scoring for RFP based on vendor response.
Build secure architectures for technology solutions planned for deployment within the environment and ensure compliance with basic security principles for security architecture (from user requirements to high/low level design, functional specs and beyond).
Highlight gaps and recommend sound security practices to improve technology Architectures
Always design and recommend security architectures in line with Enterprise Architecture principles and technology stacks
Advise on Cloud Security architectures and security requirements. Provide detailed comparison against on premises solution.
Patterns, Frameworks & Standardized Stacks
Create and review secure architecture patterns and frameworks that are practical and implementable.
Standardize security architecture technology stacks, APIs and technologies that assist the organization with automating security into the application pipeline.
Research new security concepts and ideas and mark them for inclusion in future architecture security standards and baselines in order to improve security.
Threat Assessment
Monitor current security trends, threats, regulations, advisories, alerts and vulnerabilities pertaining to the Financial Services industry and include them in the Security Architecture strategy, patterns and frameworks.
Calculate and assess security architecture threats as per ADIB/NESA Risk Management Frameworks
Review contracts and propose/ensure that relevant security clauses related to secure architectures are included.
Agile Development, DevOps & Cloud Security
Liaise with DevOps personnel to understand User Stories, Evil Stories & Threat Modelling to recommend secure designs.
Assist with Web Application Firewall (WAF) configurations & Infrastructure Hardening (including Container Security)
Ensure that projects are completed within the allocated cost and time commitments.
Ensure pre-production checks are carried out and are in line with policies, standards and procedures.
Ensure residuals only include minimal vulnerabilities.
Advise, coach and mentor solution architects, developers, and other Agile squad members on secure design principles.
Effective Reporting & Communication
Communicate threats to stakeholders both at the technical level (group IT) and at the end user level (business)
Represent Group Information Security at project board meetings and present security's viewpoint on threats and possible options to mitigate them.
Specialist Skills / Technical Knowledge Required for this role: