JRI America, Inc. ("JRI-A") is a subsidiary of the Japanese IT financial services company Japan Research Institute Ltd ("JRI"), which is the specialist IT subsidiary of Sumitomo Mitsui Financial Group ("SMFG"). SMFG, which owns Japan's second-largest bank by asset size, Sumitomo Mitsui Banking Corporation ("SMBC"), and is a Fortune Global 200 company, offers a broad range of financial services, primarily banking-related. The group is also engaged in leasing, securities, credit cards, mortgage securitization, venture capital and other credit-related businesses. It employs over 60,000 people worldwide and has a stated strategic objective of further global expansion. JRI-A provides information technology services in the Western Hemisphere (including the Americas, Europe, Middle East and Africa) that support the Group’s operations.
The primary objective of the Senior Security Architect role is to ensure that the security of all applications, systems and services introduced into the SMBC operating environment meets our defined security standards, complies with our policies, follows industry best practices and complies with all applicable regulations in the countries in which we operate, with regard to system and application architecture, configuration and security, user access controls, data protection, auditing and monitoring, secure coding and any other relevant security controls that may be introduced.
The Senior Security Architect provides expertise and guidance in the research, analysis, design, development, and delivery of new and existing security solutions and architectures to secure applications, operating systems, databases, and networks. The role is expected to have a thorough understanding of complex enterprise IT systems and stay current with the latest security standards, industry best practices and leading security products. This role acts as a technical information security advisor to project teams and assists in identifying, managing, and mitigating security risks for applications and systems across the bank.
Responsibilities include proposing solutions in compliance with bank security policies and regulatory requirements in line with the overall business and information security strategy. Demonstrated ability to interface with internal subject matter expertise and 3rd party vendors to integrate external services with existing applications and systems.
Ability to apply security architecture principles and requirements in a heavily regulated financial services organization including:
· Researching emerging technologies and solutions to solve complex business problems. Proposing and maintaining reference architecture.
· Providing architectural guidance, focused on enterprise security for applications, solutions and services. Interfacing with architecture & engineering, development, infrastructure teams and project managers to deliver designs for secure solutions.
· Delivering secure enterprise level solutions that integrate across applications, systems and platforms.
· Partnering with project managers, business process owners and service owners to understand business requirements. Aligning architecture and security strategy with corporate technology standards and roadmap.
· Enhancing security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions.
· Reviewing and approving architecture designs, firewall rule and network changes with an emphasis on security risk and policy enforcement, ensuring proper functioning and alignment with product/application strategy.
· Reviewing and recommending process improvements, policy enhancements and standards.
· Maintaining secure operating environment by monitoring and identifying security gaps and implementing enhancements.
· Preparing system security reports by collecting, analyzing, and summarizing data and trends.
· Tracking and understanding emerging security threats and vulnerabilities related to the security architecture and recommending mitigations.
· Managing projects by following the bank's life-cycle project management framework including but not limited to project documentation, delivery schedule, contract reviews and negotiations, statements of work and procurement of products and services.
· Interfacing with and managing 3rd party vendor relationships.
· Managing architecture and engineering staff including hiring, performance reviews and resource planning and management.
· Mentoring and training junior security staff. Developing and conducting training as part of the rotational training program.
· Cultivating and promoting a culture of security awareness and education of personnel to ensure security policies and best practices are adhered to at all times.
The Senior Security Architect is a key advisor and subject matter expert in various security disciplines including but not limited to Secure Networking Architectures (LAN/WAN/VPN/Firewalls/
Solid understanding of IT systems and services underlying the business applications such as operating systems (Unix, Linux, Windows, virtualization), Authentication (Kerberos, TACACS, RADIUS, SSL, MFA, SSO), Cloud Services (SaaS, PaaS), Directories (LDAP, AD, eDirectory), Databases (SQL, Oracle) and Integration with Middleware technologies (e.g. WebSphere Application Server, WebSphere MQ, Workflow).
· Minimum 10 years of work experience in Information Technology
· Minimum 5 years of experience in an Information Security role
· A degree in Information Technology, Computer Science or related field
· Advanced security qualifications such as CISSP, CRISC, CISM certifications are preferred
Required Skills/Abilities
· Strong project management skills required with in-depth experience with software development lifecycle and architecture standards and implementation including strategic direction, resilient architecture designs, user experience and impact, performance management, security controls, quality assurance and enterprise security standards.
· Sound and current knowledge and understanding of industry best practice frameworks for system security, i.e. ISO, NIST, COBIT, SSAE-16
· Knowledge of European and North American legal and regulatory requirements relating to system security and data protection, i.e. NYSDFS, GDPR, SOX, PCI
· Bank-specific knowledge and understanding of the business processes and associated risks enabled by the IT solutions (e.g. cash management, foreign exchange, money market, loans, trade finance, settlement, risk management, financial accounting and management reporting)
· Self-motivated, proactive and quality-driven, with a strong sense of accountability, exploring opportunities to add value to job accomplishments.
· Promoting the department and organization’s reputation and accepting ownership for accomplishing challenging and complex requests
· Customer service oriented with excellent written and verbal communication skills. Ability to translate technical requirements and challenges at various levels within the organization.
· Experience and exposure to internal audits and regulatory examinations.
· Good working knowledge of IT risk management and compliance with a focus on security.
· Proven analytical and problem-solving skills with the ability to lead others and make decisions in a fast-paced environment
· Demonstrated ability to act as a team player and role model guiding, training and mentoring junior staff