Assistant Vice President, IT Security (Application and Cloud Security Architect) Permanent

We’re looking for a candidate to fill this position in an exciting company.

• Design and develop security architecture for cloud computing systems and applications in Great Eastern. The security architecture should enable agile business service delivery with appropriate security controls to maintain a defensible and resilient architecture, and in compliance to technology regulations.
• Represent the Group IT Security team in development and implementation of Great Eastern’s Enterprise Architecture. Act as the senior technical representative for IT Security and engage with other technology leads to design and implement security architecture and solutions for cloud and applications.
• Drive initiatives to share knowledge and industry better practices across Security and Technology teams, and provide timely updates on developments in security technology space that can mitigate risk of new threats.
• Be the Subject matter expert to support Security Assurance and Delivery teams in defining security functional requirements, conducting security architecture design reviews, and performing security risk assessment / threat modelling.
• Evaluate Security solutions that can refresh and strengthen the security posture of the enterprise, and maintain oversight on the standardization and implementation of security solutions across all entities.
• Takes accountability in considering business and regulatory compliance risks and takes appropriate steps to mitigate the risks.
• Maintains awareness of industry trends on regulatory compliance, emerging threats and technologies in order to understand the risk and better safeguard the company.
• Highlights any potential concerns /risks and proactively shares best risk management practices.

• 8+ years of work experience with a minimum of three years architecting security controls for public/hybrid clouds and applications.
• Experience with Security assessment, security design, implementation and operation of a broad set of security technology and processes, such as data security, cryptography, identity and access management, application security, public/private cloud and container environments.
• Working knowledge on DevSecOps, including experience with deployment orchestration, automation, and security configuration management, is preferred.
• Working knowledge of common industry standard for security controls and protocol e.g. SAML, OAuth, PKCS, OWASP etc.
• Experience with enterprise application technology stacks such as web applications, APIs, microservices, mobile applications and modern frameworks.
• Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.
• Strong interpersonal and communication skills. Experience in presenting technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions. Good technical writing skills.
• Experience with enterprise architecture governance and has worked as part of a cross-functional team to implement solutions.
• Industry certifications will be a plus e.g. TOGAF, SABSA, CISSP, Azure & AWS related certifications, or SANS certifications.
• Working knowledge of technology related regulations from Singapore and Malaysia.
• High level of integrity, takes accountability of work and good attitude over teamwork.
• Takes initiative to improve current state of things and adaptable to embrace new changes.