Description :

Role Purpose :

The AVP Security Architecture is responsible for leading, governing, and embedding secure application architecture across the enterprise, ensuring that security is integrated throughout the software development lifecycle (SDLC) and aligned with enterprise risk, regulatory, and compliance requirements.

This role drives the organizations secure-by-design strategy across on-premises, cloud, and hybrid environments, with a strong emphasis on modern technologies, including AI and Agentic AI systems, DevOps pipelines, and SaaS platforms.

As a strategic security authority and trusted advisor, the role provides expert guidance on secure application patterns, cloud security configurations, and AI governance, while overseeing architecture reviews, threat modeling, and application-level risk assessments to enable secure innovation at scale.

Key Responsibilities :

Security Architecture & Secure-by-Design Leadership :

- Lead the assessment and governance of secure application architectures across enterprise platforms and initiatives.

- Define, implement, and enforce secure-by-design principles across application development, cloud adoption, and AI programs.

- Establish and maintain secure architecture standards, reference architectures, and design patterns.

Application, Cloud & AI Security :

- Provide expert guidance on secure application design, cloud-native security controls, and SaaS security architectures.

- Lead security oversight for AI and Agentic AI systems, covering data protection, model security, access controls, and AI governance.

- Review and approve cloud security configurations across IaaS, PaaS, and SaaS environments.

Architecture Reviews & Risk Management :

- Conduct and oversee security architecture reviews, threat modeling exercises, and application risk assessments.

- Identify, evaluate, and manage application, cloud, and AI-related risks early in the solution lifecycle.

- Ensure security requirements are fully addressed prior to solution go-lives, integrations, and major releases.

DevSecOps & SDLC Integration :

- Embed security controls into DevOps and CI/CD pipelines, enabling automated and secure development practices.

- Partner with engineering teams to operationalize DevSecOps, secure coding standards, and security testing.

- Balance security rigor with delivery velocity, ensuring risk posture is not compromised.

Governance, Compliance & Change Management :

- Support enterprise change management processes by reviewing security aspects of deployments and integrations.

- Ensure compliance with internal security policies, regulatory obligations, and risk management frameworks.

- Act as a key contributor to architecture governance forums and risk committees.

Stakeholder Engagement & Leadership :

- Serve as a key liaison between Security, Application Development, Infrastructure, Cloud, and Risk teams.

- Provide clear, actionable security guidance to senior stakeholders and technology leadership.

- Influence enterprise technology decisions to enable secure, scalable innovation.

- Mentor and guide security architects and senior engineers within the ISG function.

Experience Requirement :

- 12 to 18 years of overall experience in Information Security / Technology Risk / Security Architecture, including:

- 68+ years in Application Security, Security Architecture, or Secure SDLC roles

- Demonstrated experience operating at enterprise or group-wide architecture governance level

Key Result Areas (KRAs) :

- Effective implementation of secure-by-design architecture across applications and platforms

- Early identification and mitigation of application, cloud, and AI security risks

- High-quality and consistent security architecture reviews and threat modeling outcomes

- Strong alignment between security, delivery, and business objectives

- Reduced security findings at go-live and post-deployment stages

- Improved maturity of DevSecOps and AI security governance

Key Requirements :

Experience & Expertise :

- Extensive experience in security architecture, application security, and enterprise security governance.

- Strong background in banking or regulated financial services environments.

- Proven ability to drive secure application and cloud architectures across large organizations.

- Hands-on expertise in threat modeling, security design reviews, and architecture risk assessments.

- Strong understanding of AI / ML security risks, governance, and control frameworks.

- Experience embedding security into DevOps / CI-CD pipelines.

Technical Knowledge :

- Secure application architecture and secure coding principles

- Cloud security (on-prem, cloud, hybrid, SaaS)

- DevSecOps and SDLC security integration

- Identity & access management, data protection, encryption

- AI / Agentic AI security and governance

Leadership & Soft Skills :

- Strong stakeholder management and influencing skills across technology and risk teams

- Ability to operate at both strategic and execution levels

- Excellent communication, judgment, and decision-making capabilities

- Proven ability to lead through collaboration rather than control