Head of Security Engineering, Group Tech

Overview:
The Head of Security Engineering will architect, implement, and govern a robust, future-proof security architecture and solutions across the bank. Your mandate is the absolute protection of our digital assets, infrastructure, and sensitive financial data. This includes owning the enterprise security blueprint and embedding global best practices derived from standards like ISO/IEC 27001 and NIST into enforceable security policies. This role reports to the Head of Security Management.

Responsibilities:

Operational:

• Review vulnerability results, advise on remediation options (including temporary vs. permanent fixes), and actively monitor remediation outcomes to ensure timely closure.
• Provide primary technical advisory for IAM and PAM applications and their underlying infrastructure with expert-level knowledge of enterprise security controls, including LDAP/Single Sign-On (SSO) and Access Control Lists (ACLs).
• Provide support during implementation of security related enhancements and systems, liaising with internal and external teams (IT Risk, Audit) for smooth deployment.
• Analyze changes and their security impact on existing systems whenever a new security measurement or patch is implemented.
• Manage the RCSA, Audit and Compliance for Cyber Security / BNM and Internal Audit.

Technical:

• Drive IT Security Engineering Initiatives and Projects definition and implementation, selection of solutions and architecture, as well as define operations framework and its continuous improvement.
• Design secure systems and network architectures that align with business objectives, regulatory requirements and industry best practice including translating business and technical requirements into robust and secure architecture solutions.
• Formulate network security architecture and identify suitable solutions to improve security posture group wide including recommending and implementing security architecture.
• Responsible for advisory on security infrastructure such as Firewall, Network Intrusion Prevention Systems, Mail Gateway, Internet Proxy, VPN, WIFI security, Web Application Firewall, FireEye, NAC etc.
• Ensure amended and enhanced systems meet strict BNM and Bank security compliance requirements. Utilize the Information Security risk assessment methodology to ensure proper controls are built into business requirements.

Leadership:

• Partner with solution architects, development teams, and business stakeholders to ensure secure design and implementation. Includes building relationships with vendors, regulators and industry bodies to seek and adopt industry best practices in enterprise architecture and technology strategy
• Provide technical guidance and mentorship to internal customers and internal teams and deliver targeted security workshops as and when needed.
• Manages performance, development and wellbeing of a team of architects across various technology domains to providing end to end architecture services
• Owns the relationships with key stakeholders including Cyber Security peers, group CITO, Heads of Architecture, First and Second Line Engineering Risk, Business Information Security Officers.
• Take accountability for the final decision on the technical approach for security improvements and manage the prioritization and assignment of all implementation tasks.

Skills & Experience We Are Looking For:

• Bachelor's degree in Computer Science, Information Security, or a related field; equivalent practical experience will be considered.
• Minimum of 8 years of experience in IT security architecture design, risk management and cybersecurity operations preferably within the financial services or insurance industries.
• Familiarity with IAM, network security, data protection and encryption standards.
• Practical experience with security technologies including firewalls, SIEM, IAM, DLP, XDR, PQC etc.
• Understanding of DevSecOps and secure SDLC practices.
• Cloud-specific security certifications (AWS Security Specialty, Azure Security Engineer)
• Hands-on experience in threat modeling and implementation of security controls.
• Strong knowledge of security architecture frameworks (e.g., SABSA, TOGAF with security extensions, ISO/IEC 27001, NIST, and COBIT).
• Regulatory compliance experience (RMIT, ISO 27001, SOC2, GDPR, PDPA).
• Experience with Agile and Waterfall methodologies, and secure software development lifecycle (SDLC).
• CISSP, CCSP, or equivalent would be an added advantage.
• Expertise in cloud security (AWS, Azure, GCP) and on-prem security controls.

For more job opportunities, please go to HLB Careers:

We appreciate your application and will be in touch with shortlisted candidates regarding next steps.