Vertex solutions is working with a large banking client based in London. Who are currently looking for a Payment security architect
In need of a security consultant to opine on projects at the cutting of payments technology to prevent vulnerabilities being engineered into the solution and to deliver effective and secure solutions.
Activities: What does the jobholder have to do?
The role involves the following core activities:
* Develop strategic security architecture for CurrencyPay (online, mobile and voice considerations)
* Design solutions for open banking, online payments APIs (iICB / PSD2)
* Design Identity, federation and authentication architecture, leveraging security solutions (SAML, PKI, SSO, RAS)
* Working with the various payments project streams, the payments business, technology, internal security and fraud, and wider bank teams, to ensure that security requirements are detailed, understood, and ultimately infrastructure and applications that are being engineered adhere to both internal security standards and industry best practice.
* More than identifying security issues, a successful candidate must be able to proactively suggest safer alternative solutions where security becomes a deciding factor
* Work with stakeholders to properly document requirements and design appropriate security solutions
* Organising security reviews and the interpretation of results where NWM have bought services or have delegated hosting.
* Scoping penetration tests and review and interpretation of results
* Review the security related clauses of contracts to make sure that security requirements are stipulated in contracts.
* Assisting Security Governance, IT, and the Business with responses to Audit reports. This mainly entails helping to scope remedial work required and clarifying individual points.
* To educate the payments business populace and technology functions in the bank in security issues such as valuing assets, securing applications, reporting security incidents and data losses. To educate project development staff to prevent security flaws being developed into applications thereby reducing security testing findings and remediation costs further down the line.
Qualifications: What training or qualifications are required to do the job/role?
* 7+ years' experience in a role that demonstrates technical expertise in relevant security domains
* Demonstrable experience specifying, designing and implementing security systems architectures and controls
* Demonstrable experience in securing payment solutions
* Experience with cloud security technologies
* Identity, federation and authentication technologies (SAML)
* Experience with payment technologies and gateways, (connect, CA API Gateway, Swift)
* Design On-Premises and Cloud security solutions.
* Demonstrable experience in articulating technical strategies, and gaining consensus and support from multiple stakeholders
* Experience of creating high quality policy, guidelines and business case documentation.
* Advanced security qualifications (e.g. M.Sc., CCNP, SANS GIAC, CISSP, CEH)
* Experience and understanding of an Investment Banking environment
* Experience working in a multifaceted security team (security risk assessment, security operations, security governance, application development, or operational risk management teams)
Technical Competence: What are the specific skills/ style and abilities required of the job/ role?
* Subject matter expertise in securing banking environments
* Solid understanding of cryptography, security architecture principles and development of security system roadmaps
* Knowledge of global financial regulatory expectations around Information Security
* Knowledge and awareness of industry best practice standards and security regulations including ISO27000 series, SOX regulations, and Data Protection regulations.