Provide thought leadership, analyse proposed solutions for identified threats, vulnerabilities and risks, and proactively contribute to the overall industrialisation and automation of security controls and operating models across the organisation in the following domains:
Vertically across digital channels and services and supporting engineering technology platforms.
Horizontally across Application and Service protection.
The role requires strong and effective thought leadership, strategic thinking, technical acumen and effective verbal and written communication to both technical and business stakeholders.
Day to day you will:
Develop relationships with technology stakeholders, take the learnings from project engagements and inform security decision making in shifting common security architectural patterns and enterprise security strategy
Develop security solution architecture and designs for security initiatives to deliver new or uplifted enterprise security capabilities
Develop and maintain re-usable security architecture and design patterns for consumption by the broader security and solution architecture practice
Foster a collaborative culture for the development of strategic thinking within Security Services’ individual teams
Ensure appropriate knowledge management and accurate documentation across domains in the enterprise security architecture practice
Document, socialise and present outcomes of key decisions during security architectural engagements
Advise projects on appropriate security patterns aligning to the organisation’s information risk policy and standard operating procedures
What you will bring:
Extensive experience in security architecture and design
Proven ability to develop control definitions from control objectives to form security architecture in a large and complex environment
Comprehensive knowledge and understanding of banking and finance, including industry trends and technology adoption
Knowledge of, and experience in, technology governance, including industry frameworks such as ITIL and COBIT and relevant Australian and international standards
Knowledge and understanding of threat modelling methodologies, common TTPs in modern and agile applications, and the common countermeasures and defensive controls used in large enterprises
Familiarity and understanding of the MITRE ATT&CK framework
Knowledge and understanding of modern application architectural styles and design patterns (e.g. microservices, micro front ends, service mesh, Backends-for-Frontends, container orchestration, OAuth 2.0 and OIDC enabled web services)
Knowledge and understanding of legislative and regulatory requirements relating to banking and finance technology
Leadership and thorough understanding of current and emerging security threats, relevant security solutions, and limitations of such solutions
Strong influencing skills and the ability to communicate effectively with all levels of management and to convey ideas clearly and with passion
Salt is acting as an Employment Agency in relation to this vacancy.