Job Description
Prudential's purpose is to help people get the most out of life. We will deliver our purpose by creating a culture in which diversity is celebrated and inclusion assured, for our colleagues, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and in exchange, we support our people's career ambitions. We pledge to make Prudential a place where you can Connect, Grow and Succeed.
Job Responsibilities
- Align the security architect with the enterprise architect by understanding all of the organization's technology and IT systems.
- Map all high- and low-level designs of security solutions and controls implemented across all technology layers (infrastructure, network, applications, and data), and ensure no weakness is left unaddressed by the risk assessment framework.
- Lead local research into emerging vulnerabilities and exploitation on a regular basis to ensure no critical vulnerability is left unaddressed in local IT systems.
- Reduce time-to-detect and time-to-remediate by driving the automation of applied IT security initiatives from Regional.
- Develop innovative solutions to protect networks, assets, and products by implementing state-of-the-art detection, prevention, and response capabilities.
- Support the delivery of PVA's cloud security offering, including security governance, strategy, risk assessments and management, data protection, cloud-based identity and access management, technology/provider-specific architecture, and monitoring/analytics both for and in the cloud.
- In the planning phase:
  - Develop project timelines for identifying and patching system vulnerabilities, with properly estimated costs.
  - Align the security controls to be implemented (based on Group security standards) with the solution architect in the design phase.
- In the implementation phase:
  - Accountable for detecting and mitigating all critical vulnerabilities via internal and external penetration test results.
  - Ensure the mitigation actions are performed in a timely manner.
- In the post-implementation phase:
  - Provide ongoing reporting and metrics on the state of security and associated IT security risks for IT projects overall.
  - Lead lessons-learned sessions and share the findings with the project team to avoid recurring weaknesses in design.
- Respond quickly and effectively to all security incidents and provide post-event analyses.
- Measure and enhance current security controls to comply with regulatory requirements.
- Continuously monitor security operations and vendor services for all solutions in place (WAF, DLP, AV, NG, PIM).
- Ensure critical vulnerabilities in IT systems are addressed properly via the patch management process.
- Ensure system security configurations comply with the regional baseline, identifying and fixing any gaps between them.
- Ensure the appropriate usage of Privileged IDs.
- Establish disaster recovery procedures and conduct security breach drills based on the BCP plan.
Job Requirements
- University degree in Information Security or Computer Science with significant demonstrable experience in Information Security.
- Certifications such as OSWE, CCSP, or CISSP are preferred.
- A minimum of 7 years' relevant experience in Information Security (Technical), with 2 years' experience in Cloud Security implementation and operation and 2 years in an Application security engineering role.
- Broad knowledge of security domains, trends, and technologies (such as threat and vulnerability management, network security, endpoint security, web application security, data loss prevention, encryption, security hardening).
- Technical understanding of various technology stacks and platforms (e.g., Azure DevOps, Terraform, Git, Jenkins, Docker, Kubernetes, Node.js, Java).
- Be familiar with cloud security frameworks, compliance requirements and security operations.
- Ability to map security controls to compliance requirements for cloud environments.
- Familiarity with industry standards such as PCI DSS, NIST SP-800 Series, CIS 20, CSA CCM.
- Knowledge of risk management principles.
- Strong interpersonal and communication skills.
- Strong project management experience.
- Strong analytical and problem-solving skills.
Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with special requirements.