Cluster Manager, Application Security Architecture - Mashreq Bank, Dubai
Job Purpose
To manage Information Security Architecture, Vulnerability posture, Cyber security and Application security programs for Mashreq.
Ensures architecture reviews are done across digital infrastructure, viz. Cloud, DevOps, Microservices and Blockchain, as well as on the on-prem infrastructure.
Certifies all technical platforms post review and makes sure all vulnerabilities are identified, analyzed, reported and tracked for effective remediation and prioritization.
Perform and/or coordinate penetration tests, managing annual penetration testing plans for UAE and international locations. Responsible for IT compliance assessments and reviews.
Has deep subject matter expertise in hacking mechanisms and safeguards; guides team members on respective security areas.
Participates in Information Security and Data privacy strategies, provides core technical expertise and evaluates new solutions for implementation as and when needed.
Monitors the bank's threat landscape for respective IS domains, including mitigation plans, effective monitoring and reporting.
Key Result Areas
Key Accountabilities:
The Security Architect is responsible for designing and implementing security solutions for the Bank’s internal IT environment and its platform.
Responsible for leading a high caliber global security team working on designing solutions.
Partners with Technical teams to identify and close security gaps for Digital infrastructure, Azure cloud and on-premise data center environments.
Advocate and practitioner of DevSecOps, implementing tools to bake security into the developer's workflow.
Trusted advisor to technical teams delivering architecture guidance, leading proof of concept evaluations, and assisting in large-scale implementations.
Effectively manage a range of stakeholders including Stream Heads and seniors.
Partner with Architecture teams to integrate security controls into continuous integration, delivery and deployment processes.
Build strong relationships with Mashreq’s technical teams and cultivate a culture of security awareness and ownership.
Key Responsibilities:
Provide guidance and subject matter expertise in infrastructure, application & data security to engineering teams.
Apply risk-based thinking enabling teams to make the right security decisions and priorities.
Identify gaps in existing security architecture and design and recommend changes or enhancements.
Develop and promote the adoption of security patterns and practices of using Azure and other internal and third-party services.
Build tools and automation that enable Mashreq developers to easily consume security services delivered by the security team.
Provide hands-on security training and secure coding best practices to developers.
Responsible for technical information security architecture, network and system security designs, and the implementation and management of information security systems and/or programs for the protection of the environment.
Keeps senior management apprised on the status of information security issues and initiatives.
Assists in establishing department financial goals and objectives and ensures all objectives and expectations are met.
Deploys state-of-the-art technology solutions and innovative information security management techniques to safeguard organizational assets.
Knowledge, Skills and Experience
Graduate/ Post Graduate degree in Science/ Engineering/ IT.
Minimum 3 certifications from CISSP, CISM, CISA, CEH, GCED, GCIA, CCSK, Azure Security.
Demonstrated interpersonal effectiveness, and skills to communicate, persuade, influence, and handle challenging conversations effectively.
Strong technical knowledge across multiple information security domains and a solid SDLC/ SW development background.
Strong foundation and in-depth technical knowledge in security engineering, computer and network security, authentication and security protocols, and applied cryptography.
Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security.
Hands-on experience in Threat Modeling, SAST, DAST, and Web application security including OWASP Top 10 and SANS Top 25.
Experience with public cloud environments and technologies, including Azure, AWS and Google Cloud or others.
Should possess a combination of strong technical knowledge across multiple information security domains and a solid development background.
Experience in DevOps environments, Microservices, and automating security controls into the CI/CD process. Experience with Jenkins or other CI tools and knowledge of technologies like containers and microservices. Development experience in Python, Java, JavaScript, or Ruby.
Experience in applying maturity model-based methods (BSIMM or OpenSAMM) to an application security program will be considered a plus. Knowledge and experience of application security frameworks; for example, OWASP (Open Web Application Security Project).
Risk management experience and working knowledge, i.e. the ability to assess security risks at all levels across the business.
Experience of ongoing security monitoring, tools and techniques. Experience of staying up to date with security threats, vulnerabilities and security laws and regulations.
Ability to recommend, assess and evaluate new security technologies. Security Incident Management experience. Experience of info/cyber security continued professional development and awareness.
Experience working with microservices and tools such as Twistlock, Veracode, Kali, Burp Suite, etc.
Familiarity with industry standard security frameworks such as NESA, CIS, NIST, SOC2, ISO, etc.
12+ years of Information Security experience, with a minimum of 7 years managing a team for App security, vulnerability, DevSecOps practices and architecture designs.
Apply Here:
https://contentdelivery.mashreqbank.com/career-portal/External/FO/components/details.html?jobId=588&jobTitle=Cluster%20Manager%2C%20Application%20Security%20Architecture