Assistant Vice President, IT Security (Application and Cloud Security Architect) Permanent NEW

Job Purpose

The Application and Cloud Security Architect will be responsible for the design and implementation of Cloud-based and application security architecture, including the relevant security standards, practices and solutions. This role will contribute to the overall enterprise security architecture of Great Eastern, and will represent Group IT Security in all matters related to IT/Cyber security in Enterprise Architecture forum.

The successful candidate should have experience in driving enterprise security solutions standardization, and possess strong technical capabilities combined with excellent interpersonal skills. The role will be required to interact with leaders across various Security, Risk Management and IT domains to understand existing challenges and identify opportunities for enhancing the effectiveness of security solutions.

The Job

• Design and develop security architecture for cloud computing systems and applications in Great Eastern. The security architecture should enable agile business service delivery with appropriate security controls to maintain a defensible and resilient architecture, and in compliance to technology regulations.
• Represent the Group IT Security team in development and implementation of Great Eastern’s Enterprise Architecture. Act as the senior technical representative for IT Security and engage with other technology leads to design and implement security architecture and solutions for cloud and applications.
• Drive initiatives to share knowledge and industry better practices across Security and Technology teams, and provide timely updates on developments in security technology space that can mitigate risk of new threats.
• Be the Subject matter expert to support Security Assurance and Delivery teams in defining security functional requirements, conducting security architecture design reviews, and performing security risk assessment / threat modelling.
• Evaluate Security solutions that can refresh and strengthen the security posture of the enterprise, and maintain oversight on the standardization and implementation of security solutions across all entities.
• Takes accountability in considering business and regulatory compliance risks and takes appropriate steps to mitigate the risks.
• Maintains awareness of industry trends on regulatory compliance, emerging threats and technologies in order to understand the risk and better safeguard the company.
• Highlights any potential concerns /risks and proactively shares best risk management practices.