IT Security Architect

7-10 years
Job Description

Prudential's purpose is to help people get the most out of life. We will deliver our purpose by creating a culture in which diversity is celebrated and inclusion assured, for our colleagues, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and in exchange, we support our people's career ambitions. We pledge to make Prudential a place where you can Connect, Grow and Succeed.
Job Responsibilities

  • Align the security architect with enterprise architect through understanding all the organization's technology and IT systems.
  • Perform mapping all high- and low-level design of security solutions and controls implemented with all technology layers (infrastructure, network, applications, and data) and ensure there is no weakness which is not addressed via risk assessment framework.
  • Lead the local researching activities for emerging vulnerability and exploitation in regular basis to ensure no critical vulnerability not addressed in local IT systems.
  • Reduce time-to-detect and time-to-remediate by driving the automation of applied IT security initiatives from Regional.
  • Develop innovative solutions to protect networks, assets, and products by implementing state-the-art detection, prevention, and response capabilities.
  • Support the delivery of PVA's cloud security offering, including security governance, strategy, risk assessments and management, data protection, cloud-based identity and access management, technology/provider-specific architecture, and monitoring/analytics both for and in the cloud.
  • In planning phase:
    • Developing projects timeline for system vulnerability identifying and patching with properly estimating cost.
    • Align the security controls (based on Group security standards) will be implemented with the solution architect in design phase.
  • In implementation phase:
    • Accountable for detecting and mitigating all critical vulnerabilities via internal and external penetration test result.
    • Ensure the mitigation actions are performed in timely manner.
  • In post implementation phase:
    • Provide reporting and metrics on the state of security ongoing and associated IT security risks on overall IT projects.
    • Lead the lesson learn, sharing to project team to avoid any reoccurred weakness in design.
  • Responding quickly and effectively to all security incidents and providing post-event analyses.
  • Measure and enhance current security controls to comply with regulatory requirements.
  • Continuously monitor Security operation and vendor's service for all solution in place. (WAF, DLP, AV, NG, PIM).
  • Ensure critical vulnerabilities over IT systems are addressed properly via patch management process.
  • Ensure security configurations of the systems against regional baseline and identifying gaps between them to fix.
  • Ensure the appropriate usage of Privileged IDs.
  • Establishing disaster recovery procedures and conducting security breach drills based on BCP plan.

Job Requirements / Yu cu
  • University degree in Information Security or Computer Science with significant demonstrable experience in Information Security.
  • Certification such as OSWE, CCSP, CISSP are preferred.
  • A minimum of 7 years relevant experience in Information Security (Technical) with 2 years-experience in Cloud Security implantation and operation and 2 years in Application security engineering role.
  • Broad knowledge of security domains, trends, and technologies (such as threat and vulnerability management, network security, endpoint security, web application security, data loss prevention, encryption, security hardening).
  • Technical understanding of various technology stack and platform (e.g., Azure DevOps, Terraform, Git, Jenkins, Dockers, Kubernetes, Node.js, Java, ).
  • Be familiar with cloud security frameworks, compliance requirements and security operations.
  • Ability to map security controls to compliance requirements for cloud environments.
  • Familiarity with industry standards such as PCI DSS, NIST SP-800 Series, CIS 20, CSA CCM.
  • Knowledge of risk management principles.
  • Strong interpersonal and communication skills.
  • Strong project management experience.
  • Strong analytical and problem-solving skills.

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with special requirements.



Prudentialplc provides life and health insurance and asset management, with a focus on Asia and Africa. We help people get the most out of life, by making healthcare affordable and accessible and by promoting financial inclusion. We protect people's wealth, help them grow their assets, and empower them to save for their goals. The business has more than 18 million life customers in Asia and Africa.Prudential has been providing trusted financial security for 95 years and is listed on stock exchanges in London, Hong Kong, Singapore, and New York. We are proud to be included in the 2023 Bloomberg Gender Equality Index . The index measures gender equality across five pillars: female leadership and talent pipeline, equal pay and gender pay parity, inclusive culture, sexual harassment policies, and pro-women brand. Our inclusion in this global index is testament to our commitment to nurturing diverse talent. #BloombergGEI . Prudential plc is not affiliated in any manner with Prudential Financial, Inc., a company whose principal place of business is in the United States of America or with the Prudential Assurance Company, a subsidiary of M&G plc, a company incorporated in the United Kingdom.

People Also Considered

Data Not Available

Career Advice to Find Better