Senior Manager – Security Architecture.RMG Information Security & Technolog at Mashreq Careers

, , United Arab Emirates -

Full Time

Start Date

Immediate

Expiry Date

20 May, 26

Salary

0.0

Posted On

19 Feb, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Cybersecurity Architecture, Security Reviews, Risk Management, Security Requirements, Risk Management Framework, Security Posture Evaluation, Security Controls Definition, Application Security Framework, Threat Modeling, Architecture Review, Cloud Security, Digital Ecosystem, Microservices, Open Api Framework, Blockchain Technology, Agile Framework

Industry

Banking

Description

Key Areas: Key Accountabilities: • Ensure cybersecurity designs for systems and networks with multilevel security requirements • Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines. • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan • Provide security requirements to be included in statements of work and other appropriate procurement documents. • Provide input to the Risk Management Framework process activities and related documentation • Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment. • Evaluate security architecture and designs to determine the adequacy of security design and architecture • Analyze user needs and requirements to plan architecture. • Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately • Manage application security framework improvements • Implement tools and strategies to ensure the successful implementation of the Application Security Program • Communicate effectively with lines of business and clients to address complex information security issues. • Reviews documentation created by team members and peers to provide constructive feedback. • Prepares and reviews activity reports as requested by management. • Develops and ensures services in response to various risks and threats. • Review state-of-the-art technology solutions and innovative information security management techniques to safeguard organizational assets. • Ensure RTB (Run The Bank) and CTB (Change The Bank) activities are meticulously planned, including operational continuity, resource allocation, and compliance for RTB, and detailed project management, risk assessment, and change control for CTB. Coordinate with cross-functional teams to integrate and execute these activities effectively 5 Operating Environment, Framework and Boundaries, Working Relationships • Knowledge and working relationship with different teams in Technology Operations, Business Technology, Audit, International Banking, Information Security Team, etc. • Cloud and Digital Ecosystem, Microservices and Open API Framework, Blockchain related technology • Enterprise Infrastructure, Business Technology, and related Application • Security frameworks such as NESA, CIS, NIST, SOC2, ISO • Information Security regulations: NY DFS CRR 500, FFIEC, RBI Cyber Security Framework, HKMA CRAF and SPM • Information Security governance frameworks such as ISO27001, NIST 800 series, COBIT, SABSA etc. 6 Problem Solving • Analytical thinking and ability to analyze complex problems, consult when needed and validate risk-based solutions. • Problem resolution to stay on the cutting edge of digital technology • Ability to do issue analysis and root cause of problem. Ability to consult and provide digital solutions to technology and business that mitigates/reduce the risk to acceptable level. • Ability to prepare root cause analysis and devise solutions for problem remediation. Ability to enable agile framework, technology solution and processes for proactive management of the Digital ecosystem • Implementation and effective change management for the new solution or corrective actions • • Understanding to prepare business impact for problems 7 Decision Making Authority & Responsibility • Recommendation and influence on decisions to implement risk-based solutions • Evaluation of relevant solutions/technologies • Responsible for Validating any proposed security solutions to mitigate cloud & digital risks and on-prem IT infrastructure • Evaluates and certifies relevant cloud solutions/technology and technology solutions • Prepares Application and Digital Reference Architecture for Mashreq’s IT infrastructure platforms • Coordinates PoC of relevant Cybersecurity solutions/technologies and submits recommendations to senior managers. • Influences policy adherence, regulation applicability, scoping and control decision. • Ability to review and attest controls design • Cost-benefits analysis (ROI) in risk and control decision. 8 Knowledge, Skills and Experience • 12+ years of experience in security architecture with threat modeling and architecture review. • Professional security certifications such as CISSP, CCSP, ISSAP (at least one) is good to have. • Deep understanding of technologies and architecture in a highly scalable and available set-up. • Deep understanding & expertise with highly transactional, large relational and complex systems • Above 12 years of experience with technology depth as well as good people skills • Good understanding of the Software Development Life Cycle Methodologies such as Waterfall, Agile, CI/CD, DevSecOps. • Exposure to the Application Security Vulnerabilities (OWASP Top 10) • Good Knowledge and familiarity with Operating system administration – Windows & Linux

Responsibilities

The Senior Manager will ensure cybersecurity designs for systems and networks meet multilevel security requirements and are consistent with organizational guidelines, while also performing security reviews and developing risk management plans. This role involves defining security requirements for procurement, providing input to the Risk Management Framework, and evaluating how new systems impact the current security posture.