Senior Security Architect – API Security Specialist
The missions of our Global Security department are to:
• Deliver best fit security services and solutions to protect business operations and assets;
• Build up and support the implementation of a flexible information risk mitigation strategy for the businesses in the scope of the company group Information Security Policy;
• Develop security architectures which facilitate business objectives and support the business strategy while ensuring appropriate protection of information assets;
• Lead the information security maturity improvement programs;
• Manage the information security community to ensure coherence and synergy.
Within Global Security, the mission of the Security Architecture team is to design security measures for new applications or infrastructure; to assess information security risks on projects or assets; to support any department in the bank by providing security advice on specific requests; and to document security principles and reference architectures.
The Security Architecture team is looking for an experienced security architect who can help IT and business teams build and secure new digital banking solutions. In this role the candidate must be able to support all dimensions of the solution, from the contextual layer up to the technical layer, with a strong focus on mobile banking and API security.
• Establish and maintain security models, architecture principles, and guidelines to secure online financial services or API based services;
• Support IT architects to develop “secure by-design” application architectures based on security patterns, requirements and risk analysis;
• Ensure project conformity with security rules and methodology;
• Support management in the development of strategic vision and roadmap when it relates to online financial services or API security;
• Write high quality management memos and risk analysis reports;
• Actively promote security practice in the IT and Business community through awareness and knowledge sharing sessions.
Education: Master or equivalent by experience in IT, computer science, or engineering.
Travel: Occasional travel to Paris
Required experience / knowledge
10 years of professional experience in Information Security
• Knowledge of information security in general, with a focus on web or mobile application development;
• Proven experience in online payment or mobile app related projects;
• In-depth understanding of the threats applicable to online payment services and mobile apps;
• Strong experience in API security architecture;
• Experience in working with structured architecture models covering business, IT technical and operational views;
• Experience in security risk assessments or audits (risk analysis, mitigation plan development, etc.);
• Experience in mobile banking related projects;
• Creation of conceptual and logical reference architecture documents;
• Good knowledge of information security standards & frameworks (ISO 2700x, NIST, SANS);
• Good understanding of IT security technology and processes (IAM, PKI, VDI, secure networking, web infrastructure, etc.);
• Certified Information Systems Security Professional CISSP;
• Experience in IT architecture methodologies (e.g. TOGAF);
• Experience in structured security architecture methodologies (e.g. SABSA).
Mandatory: Proven experience in the security or IT organization of a company exposing online payment or transactional services.
Preferable: Experience in the security or IT organization of a large financial institution.
• Good communication and influencing skills, both written and verbal
• Good analytical and synthesis skills
• Team player
• Pro-active attitude
• Ability to work in a dynamic and multi-cultural environment