Senior Security Architect

Prudential’s purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people’s career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.

Prudential Enterprise Security Architecture and Innovation Department is part of the Group Information Security and Privacy (GISP), which typically focuses on establishing a comprehensive policy, standard, framework and controls to safeguard an organization’s assets, data and IT Infrastructure. GISP Enterprise Security Architecture and Innovation works in conjunction with different Prudential LBU businesses and application owner, Global Technology Division, Enterprise Architect and solution architect across the globe.

This position will cover Asia, Africa and United Kingdom regions, working within GISP Enterprise Security Architecture and Innovation to define the security architecture principles, architecture blueprints, explore and adopt emerging security technologies such as Cloud, AI.

This role is expected to define security architecture principles and blueprints, as well as evaluate, and develop security controls across security domains to Prudential businesses globally.

Responsibilities:

• Design and implement secure architectures and control across networks, applications, cloud environments, and data systems.
• Develop security blueprints, reference architectures, and design patterns aligned with industry standards
• Define and apply security requirements and controls across different security domains, especially Cloud and AI Security during the Application blueprinting and design review.
• Act as the subject matter expert for security architecture and provide technical guidance to project teams, solution architects, developers and business users.
• Research and evaluate security tools, technologies, and frameworks to enhance the organization’s security posture.
• Perform security risk assessment on emerging technologies and provide recommendations.
• Liaise with internal and external auditors and regulators to support Prudential businesses.
• Understand business requirement and security risk to business during the security assessment and consultation.
• Understand the company and business direction from products/solutions/market/technology in the Cloud domain
• Participate in POV/POC of selected security solutions and provide insights on suitability.

Key Requirements:

• Bachelor’s degree in Information Security/ Information Technology/ Computer Science or equivalent work experience.
• At least 12 years of experience in large organization with a focus on IT security and adoption of cloud technologies.
• Experience with architecture and security reviews, threat modeling applications and identifying areas of risk.
• Demonstrated experience in applying security and risk frameworks such as: NIST, Mitre ATT&CK, Mitre DEFEND, ISO27K
• Demonstrated experience in applying technical solutions to meet regulatory requirements stipulated by regional authorities (MAS, HKMA, BNM…)
• Ability to articulate cyber risks to senior leadership within the context of corporate strategy and threat environment
• Familiarity with secure development practices (DevSecOps) related toolset and automation CI/CID tools.
• Hands-on experience on conducting evaluation, design, implementation and optimization of a comprehensive and broad set of security technologies and processes. (Application Security, data protection, key management, identity, and access management (IAM), network security and security monitoring).
• Proficient in coding/scripting languages such as Python, Bash or Powershell.
• Possess in-depth technical knowledge in containerization technologies and cloud native applications.
• Pro-active with multitasking capabilities, comfortable to work in both hands-on and leadership role.
• High level of personal integrity, as well as the ability to professionally handle confidential matters.

Desired professional certifications:

• Cloud native certification such as CKA, CKS
• ISSP, CCSP or equivalent certification preferred.
• OSCP, OSWE, GIAC GWAPT, GPEN certification is highly desirable.

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.