Information Security Architect

Overview The Information Security Architect (ISA) performs two primary functions within the Security Architecture & Engineering Team. The first of these is to act as an initial point of resource engagement on all projects requiring Information Security input. The ISA will work closely with project teams to understand project requirements in fine detail and assess all technical security aspects of the proposed solution. The ISA will then identify any areas where additional mitigating controls may be required in order to reduce residual risk and allow Information Security a level of comfort in endorsing the proposed solution. The second function the ISA is to design and document all controls managed by the Security Architecture & Engineering team and ensure that all existing documents are kept up to date. In this capacity, the ISA will need to keep abreast of all updates and feature releases, seeking to implement wherever these are deemed to be beneficial to the overall security posture of the business. Key Accountabilities and main responsibilities Strategic Focus

Development of Security Architectures, incorporating target and transitional states, covering IaaS, PaaS, & SaaS and On-Prem services

Provide guidance to key stakeholders on best practice architecture practices.

Ensure all security designs meet data privacy and regulatory requirements across jurisdictions

Lead cultural change for security adoption within projects

Operational Management

Advance security computing knowledge & understanding (including cloud security) across the wider organisation

Design and implement Zero Trust Architecture

People Leadership

Provide leadership in security methodologies and techniques including application transitions into the cloud and implementations of cloud-based services

Governance & Risk

Define operational standards for security services and ensure integration with group security controls across projects and the MUFG Hubs

Participate in architecture review boards and align security architecture with TOGAF and SABSA frameworks.

Ensure security controls designed and implemented as part of the agreed group strategy are commensurate with the threats/risks

The above list of key accountabilities is not an exhaustive list and may change from time-to-time based on business needs. Experience & Personal Attribute s

Ability to identify critical & high priority issues and resolve and/or escalate where required

Assist project teams with technical decisions and implementation. 

Proven experience in Zero Trust, DevSecOps, Cloud and API Security

Experienced with enterprise architecture frameworks (TOGAF, SABSA)

Knowledge of data privacy regulations and compliance requirements (GDPR, GS007, APRA234/230).

Exposure to AI/ML security risks and mitigation strategies

Provide balanced advice to key stakeholders and project resources which aligns with International Information Security frameworks and reduces the risk of control weaknesses being introduced by projects.

Well-developed communication skills, including a level of written communication and reporting skills necessary to clearly and concisely describe complex issues and actions

Ability to speak confidently with functional colleagues, peers and management and present ideas.

Computer Science Degree (or equivalent) – Major in Information/Cyber Security preferred

Finance and/or technology industry experience

Post graduate qualification

Background of 10+ years of Security Architecture, and/or Information Security Consulting related experience 

Experience with successful and unsuccessful project implementations

Knowledge of integration concepts, patterns and technologies

Extensive experience across infrastructure domains (network, compute and storage)

Experience across Cloud and infrastructure components (server, storage, network, data, and applications) to deliver end to end Cloud Infrastructure architectures and designs. Azure experience preferred.

Experience performing threat modelling and value assessment techniques to assess controls and provide architectural decisions

Experience working with Cloud Security, Cyber security (Malware, penetration testing, forensics, incident response), endpoint Security, Security Incident and Event management, Data Protection, network Security, Identity & Access Management

Experience in architecting, designing, and building Security Architecture Frameworks

7+ years’ experience as a Security Solution Architect on major projects

5+ years of experience implementing medium to large-scale distributed applications

Strong skills in MS-Project, Word, Excel, Visio, and PowerPoint

Strong communication, consulting, and negotiation skills

Formal Information Security qualifications required CISSP, SABSA. Highly desirable: CISM, SSCP, CCSP, CRISC