As the Information Security Architect at Schroders, you will be part of the Information Security team that provides thought leadership on managing information security threats and vulnerabilities to Schroders' information assets and be the centre of excellence for advice and coordination. The team comprises of various SME‘s in Technology Risk, Cybersecurity, Insider Security including Access and User Behaviour Management, Security Architecture and Information Risk.
- Conduct security design reviews and risk analysis, identify potential security weaknesses in the design, implementation and operation of infrastructure and applications.
- Work closely with numerous teams across application delivery and infrastructure functions including networks, platforms and end user computing, to define security requirements that contribute to the secure design and implementation of solution, in addition to provide technical security expertise in support of audit related activities.
- Consult across the broad spectrum of information security domains, including Cloud and emerging technologies while appreciating the wider global regulatory and cyber threat landscape
- Giving support to business impact assessments, security administration, third party due diligence, penetration tests, vulnerability assessments, and security monitoring
- Provide guidance to technology and business stakeholders on internal and external audit processes, representing the APAC Technology & Change practices and processes to auditors and ensuring effective appropriate risk reporting practices are followed and controls in place
- Participate enthusiastically and effectively in Agile ceremonies with information security, business stakeholders and delivery teams, contributing to planning and resourcing.
- Provide BAU support for information security services required by stakeholders including but not limited to local admin access, USB access, web URL checks, email quarantine release
- Champion information security and raise awareness about its role, objectives and initiatives.
To be successful in this role, you should possess the following requisites:
- Degree graduate with at least 5-7 years of relevant experience
- Enjoy relationship building and stakeholder management
- Demonstrable knowledge of security architecture principles, applicable to perimeter defences, emerging threats, DDoS, secure configuration of hardware and software, vulnerability management, malware defences, event log management, access controls, data loss prevention, incident response, penetration testing, cryptography, application security within the SDLC, agile, secdevops and cloud security
- Experience managing the implementation of regional and global information security projects, initiatives and operational processes in concert with the relevant stakeholders and teams.
- Ability to present complex solutions and methods to a less technical audience; providing technical and non-technical thought-leadership and education of stakeholders
- Enjoys analytical work and solving complex security vulnerabilities and design compensating controls.
- Ability to rapidly find, assimilate and correlate information correctly while under pressure