This is a senior position responsible for designing, building, testing, implementing and monitoring Data Security controls within the Bank’s IT environment. The role is appointed to support the Bank’s cyber Security and data protection efforts and to support the organization through a complex, evolving data privacy environment. The job holder is expected to have a thorough understanding of complex banking data processing environments and stay up to date with the latest data security standards and best practices.
In addition to anticipating possible data security threats and identifying improvement opportunities, the Data Security architect must respond promptly to possible data breaches and coordinate the incident response plan effectively.
Principal Responsibilities, Accountabilities and Deliverables of Role:
- Identify and communicate current and emerging data security threats.
- Review current data security measures and recommend and implement enhancements.
- Work with Legal and Compliance to gather, identify and interpret data protection and retention requirements.
- Design and implement data security solutions that balance business and regulatory requirements with cyber security requirements. This includes continuous monitoring and making improvements to those solutions while working with other security colleagues across the Group.
- Provide advice and engineer data security controls during the design and implementation of banking applications and systems in the organization.
- Plan and coordinate data and banking application penetration tests.
- Plan and coordinate banking application dynamic and static security testing.
- Monitor compliance with internal data security policies and standards.
- Support the data incident response and data breach notification procedures.
- Document, align and maintain standards and procedures with the overall data security strategy.
- Maintain and oversee the implementation of the Bank’s data and system classification framework.
- Maintain and oversee the implementation of the Bank’s system security management framework; ensuring all security controls and activities are implemented as expected.
- Oversee the maintenance of security records required to demonstrate data protection compliance.
- Oversee and coordinate other security staff's efforts during the implementation of security projects.
- Manage an assurance program to remediate activities that are not in compliance with policies and procedures.
- Provide updates on the data security plan to the CISO and other senior managers as appropriate.
- Participate in the Data Protection working party, and other working groups as needed.
- Strong knowledge of Information Security standards and controls (e.g., ISO 27001/27002, NIST CSF, CIS TOP 20)
- Knowledge of common data security architecture (CDSA), including cryptography, use of certification authorities, digital signatures and API authentication.
- Knowledge of the European Union’s and Singapore’s Data Protection requirements, obtained from at least one of UK, Ireland, Spain, Italy, Germany, France or Singapore.
- Knowledge of dynamic application security testing (DAST) and static application security testing (SAST)
- Knowledge of Cloud Computing Security, including AWS and Azure management, APIs and web services, and DAST and SAST for cloud solutions.
- Understanding of capabilities for storage and database native security and security products, and experience with implementing/evaluating those technologies
- Good understanding of banking data processing activities and new technologies (e.g., FinTech, Blockchain).
Education / Certifications
- University degree with an IT background
- Recognized and active information security qualifications (e.g., CISSP, CISM, EC-Council or SANS related certifications).
- At least 15 years of work experience
- Minimum of 3 years in a leadership role.
- 7+ years of experience in Information Security with a focus on data protection
- Recent, full-time working experience with top, international banking/financial institutions.
- Practical experience in leading and/or implementing data protection security controls such as encryption, obfuscation, tokenization, user access controls, data loss prevention, and API and application authentication and authorization.