Security Architect

Description :

JOB TITLE : Security Architecture and ENGINEERING

Location : Bangalore

Experience : 5 -10 yrs

Overview of the Department/Section :

CLIENT is one of the world's leading financial groups. Headquartered in Tokyo and with approximately 350 years of history, CLIENT is a global network with around 2,300 offices in over 50 countries including the Americas, Europe, the Middle East and Africa, Asia and Oceania, and East Asia.. The group has over 150,000 employees, offering services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing.

As one of the top financial groups globally with a vision to be the world's most trusted, we want to attract, nurture and retain the most talented individuals in the market. The size and range of CLIENT's global business creates opportunities for our employees to stretch themselves and reap the rewards, whilst our common values, to behave with integrity and responsibility, and to build a culture which is fair, transparent, and honest, underpin everything that we do.We aim to be the financial partner of choice for our clients, whatever their requirements, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

CLIENTs shares trade on the Tokyo, Nagoya, and New York (NYSE : MTU) stock exchanges. The groups operating companies include, but are not limited to, CLIENT Bank, Mitsubishi UFJ Trust and Banking (Japan's leading trust bank), Mitsubishi UFJ Securities Holdings (one of Japan's largest securities firms), and CLIENT Americas Holdings.

Please visit our website for more information - Clientemea.com.

Technology is responsible for the operation, development and support of all technology across all areas of the local and international business. We ensure the IT strategy, architecture solutions, and service delivery are firmly aligned to business requirements and long term strategy of the group.

Technology comprises the following functions :

- Architecture and Development team - which is responsible for the provision of shared services including architecture, middleware, new systems development, quality assurance and release management.Middle, Risk and Back Office Team - which is responsible for all the applications used by these areas including the main trading system, Murex.

- Front Office Solutions - which provides a business-oriented focus to all technological developments that affect the trading floor.Infrastructure team - which supports the operation of all production services, voice and data networks, other voice systems and desktop systems.

- Programme Office and Purchasing - which is responsible for definition, prioritisation and delivery of the annual investment portfolio as well as procurement and software licence management.

- IT Risk and Control - which is responsible for implementing and managing all technology related controls over IT and information risk and business continuity, supports the provision of disaster recovery solutions, performs risk assessments, and manages business recovery plans and the business recovery facility. Information Secuity is also the responsibility of this function.

Main Purpose of the Role :

The Cyber Security Architect is responsible for defining, designing, and governing secure architecture standards across the enterprise. The role ensures that all technology solutions, IT projects, cloud platforms, and cybersecurity tools align with the organizations security strategy, regulatory expectations, and risk management frameworks.

The Architect acts as the senior security advisor for delivery teams, evaluates new solutions, drives integration of security technologies, and provides SME guidance on core cybersecurity domains and enterprise tools.

Key Responsibilities :

Security Architecture & Design :

- Develop, maintain, and publish enterprise security architecture standards, patterns, reference models, and future-state architecture roadmaps.

- Embed security architecture principles across cloud, on-prem, application, data, network, and endpoint environments.

- Review project solution designs and provide approved secure architecture recommendations including cloud security, segmentation, encryption, and monitoring requirements.

- Translate business and technology needs into secure, scalable, compliant, and cost-effective designs.

- Support secure-by-design adoption across projects, platforms, and engineering teams.

Technology Governance & Assurance :

- Conduct architectural assessments, design reviews, and security evaluations for new initiatives and major IT changes.

- Validate the configuration and integration of enterprise cybersecurity tools against architectural standards.

- Ensure adherence to regulatory and compliance frameworks (ISO 27001, NIST CSF, CIS, GDPR, RBI/SEBI guidelines, etc.).

- Maintain alignment with enterprise architecture, global cybersecurity strategy, and risk appetite.

Cybersecurity SME Domain Expertise :

- Provide deep subject-matter expertise across all core cybersecurity domains and associated security tools/platforms. The role ensures end-to-end architectural coverage, tool alignment, and technical leadership across the following :

- Cloud Security (AWS, Azure, GCP) : Architect secure cloud landing zones, policies, identity models, segmentation, and monitoring using Prisma Cloud, Wiz, Microsoft Defender for Cloud, AWS Security Hub, cloud-native firewall & IAM services, and container security platforms.

- Endpoint & Workload Protection : Design endpoint security baseline, detection models, and threat prevention architecture using EDR/XDR platforms such as CrowdStrike, Microsoft Defender, SentinelOne, and OS hardening frameworks.

- Network & Perimeter Security : Architect secure network topology, segmentation, and threat prevention using Palo Alto, Fortinet, Cisco Firewalls, Proxies, VPN, DNS Security, Zero Trust edge, and IDS/IPS technologies.

- Application & API Security : Define secure application architecture, threat modeling, DevSecOps integration, and application protection using WAFs, API Gateways, SAST/DAST tools and API security platforms.

- Data Security, Encryption & Governance : Design enterprise data protection models including encryption, DLP, data classification, tokenization, key management using DLP suites, CASB, KMS, HSMs, and data access governance tools.

- Zero Trust Architecture : Lead organization-wide adoption of Zero Trust principles such as identity-first access, micro-segmentation, continuous validation, session risk scoring, and telemetry-driven decisions across cloud, network, and applications.

Stakeholder Engagement & Advisory :

- Work as a trusted advisor to IT, Security, Cloud, Infrastructure, Application, and Business teams.

- Conduct architectural walkthroughs and provide guidance to project managers, technical engineers, and operations teams.

- Support vendor evaluations and conduct security due diligence on third-party solutions.

Documentation & Communication :

- Produce architecture blueprints, HLD/LLD documents, security patterns, and integration diagrams.

- Document design gaps, risks, mitigations, and deliver clear technical recommendations.

- Maintain security reference architectures and reusable templates for enterprise-wide use.

Skills and Experience :

Education and Experience :

- Strong secondary-level education is required, ideally to A-level or equivalent standard, in a technical or analytical discipline.

- A university degree is not essential, though a qualification in Cyber Security, Information Technology, Risk Management, or a related field would be considered advantageous.

- 8+ years of experience in cyber security or information security roles.

Knowledge and Skills :

- Strong understanding of enterprise security architecture, frameworks, and best practices.

- Expertise across cybersecurity domains such as cloud, network, endpoint, application, data security, and monitoring.

- Experience with security tools and platforms for data, endpoint protection and cloud security.

- Knowledge of risk assessment and secure design principles.

- Ability to design secure architectures, review solutions, and provide guidance to technical teams.

Success Measures :

- Timely review and approval of project architectures for security compliance.

- Effective integration and optimization of security tools across domains.

- Mitigation of identified risks through architecture guidance.

- Adoption of secure design principles and Zero Trust practices.

Soft Skills :

- Strong communication skills to translate complex technical concepts to executives, business, and technical teams.

- Excellent stakeholder management and influencing skills across cross-functional teams.

- Strategic thinking and problem-solving to make risk-based decisions.

- Leadership & mentoring : guiding junior architects and cybersecurity engineers.

- Collaboration skills for working with IT, Cloud, Security Operations, Application, and Project teams.

- Strong analytical skills for evaluating technologies, risks, and architectural trade-offs.

Certifications (Nice to have) :

- Security certifications : CISSP, CCSP, CISM, CEH, GCP/Azure/AWS Security Specialty, or any relevant architecture certification.

Desired but not necessary :

- Exposure to Zero Trust initiatives, SASE, DevSecOps, threat modeling frameworks, and container security.

- Familiarity with automation (Python, PowerShell, Terraform), IaC security, and CI/CD pipelines.

Personal Requirements :

- Excellent communication skills

- Results driven, with a strong sense of accountability

- A proactive, motivated approach.

- The ability to operate with urgency and prioritise work accordingly

- Strong decision making skills, the ability to demonstrate sound judgement

- A structured and logical approach to work

- Strong problem solving skills

- A creative and innovative approach to work

- Excellent interpersonal skills

- The ability to manage large workloads and tight deadlines

- Excellent attention to detail and accuracy

- A calm approach, with the ability to perform well in a pressurised environment