Security architect

Is responsible for assisting in managing the operational technology risk of the banking business, in accordance with the banks' risk appetite employing an effective risk management to identify, measure, monitor and control risk.

Role responsibilities include analyzing systems, processes, and controls with a Technology view to ensure corporate and information security policies and standards are effectively applied to minimize the risk of financial losses, operational inefficiencies and statutory non-compliances caused by the lack of controls or effective governance.

The security architect performs technology risk assessments; monitors applications and infrastructure vulnerabilities as well as End Of Life technology and their remediation status; reviews technology controls to identify control weaknesses; and provides expert advice and oversight to issues identified by the lines of defense.

The specialist also manages and aggregates data to report to different audiences to provide a clear understanding of all material current and emerging risks, enabling the organization to manage them proactively and effectively.

Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation, safeguarding the bank, its clients and assets, by driving compliance with applicable corporate policies, standards, and regulations, applying sound ethical judgment regarding personal behavior, conduct and business practices, escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others, creating accountability with those who fail to maintain these standards

Responsibilities

• Supports and oversees front line units to identify and manage relevant processes, risks, and controls to ensure compliance with corporate policies and standards including (but not limited to) application management, data management, information security, and business continuity policies for changes aiming to introduce new features and changes to existing features for payments products such as SPEI, SPID, TEF, Direct Debit, Checks, and SWIFT
• Supports and oversees front line units to identify and manage relevant processes, risks, and controls to ensure compliance with regulations issued by bodies such as the Mexican Banking and Securities National Commission (CNBV) and the Central Mexican Bank (Banxico)
• Supports, challenges, and oversees front line units to keep current the system process inventory
• Independently assess' risks and drive actions to address the root causes that persistently lead to operational technology risk losses by challenging both historical and proposed practices
• Analyzes a multitude of scorecards/performance management tools to mitigate exposure derived from operational technology risk
• Serves as a subject matter expert for issue management (KPI/KRI/Corrective Action Plans)
• Develops and maintains relationships across the business users and lines of defense to better understand and deliver customer requirements by responding to changes in the internal and external business environment
• Provides guidance and support to the Technology team for implementing secured by design solutions that meets the desired level of compliance maturity
• Supports and challenges front line units' controls design, test, execution, and monitoring
• Partners with front line units to perform risk assessments in accordance with corporate policies, standards, and applicable regulations, to identify control weaknesses, recommend preventive and corrective actions, and assist during test controls and remediation plans
• Contribute to the rollout and optimization of the corporate risk framework and the corporate single process inventory to remain effective and relevant through identification, implementation and refinement of critical processes, solutions, policies, procedures KPIs/KRIs and other techniques
• Assists front line units during operational and technology risk incident identification and registration into the Technology and Operational Risk system
• Tracks remediation status for application and infrastructure vulnerabilities and non-permitted technology. Supervises establishment of appropriate go-to-green plans, remediation extension, or user acceptance exceptions, when required
• Assists coordination and tracking of internal and external (regulatory) technology audits, including scope of audits, parties involved, timelines, auditing agencies and outcomes. Works with auditors as appropriate to keep audit focus in scope. Maintains excellent relationships with audit entities and provide a consistent perspective that continually puts the organization in its best light. Provides guidance, evaluation, and advocacy on audit responses.
• Prepares materials with relevant operational technology risk and control information for the domestic Risk, Control, and Audit committees and Board of Directors, as well as regional or global forums, as appropriate
• Participates actively in the Mexican Banking Association (ABM) Internal Control, Operational Risk, and Cyber-Security committees
• Advises on and promote the importance of risk management in and outside of the Technology space
• Acts as SME to senior stakeholders and/or other team members

Experience

• Bachelor's degree in Computer Science, Business Administration, Finance, Actuary or similar
• 5+ years of experience in a combination of risk management, compliance, or information security roles in the Technology domain in the financial, consultancy or pharmaceutical industry successfully managing internal control, audit risk or operational risk programs
• Broad experience in large and complex business environments with a successful track record working directly with senior level management with at least 3 years of experience in one or more of the following domains: access control, telecom and network security, risk management, software development security, cryptography, security architecture and design, banking regulations, technology or security audit, technology, or security compliance
• Demonstrated ability to apply Technology related knowledge and experience in solving compliance issues. Familiar with a broad range of technical concepts such as logical access control, agile development process, secure coding principles, security architecture, information security, network security, and data privacy
• Experience performing information security audits or risk assessments
• Clear understanding of risk management practices in general and security risk management best practices and methodologies specifically
• Ability to communicate in a clear and concise manner with all levels of an organization and convey complicated technology and security concepts to technical and non-technical stakeholders.
• Has the ability to operate with a limited level of direct supervision. Can exercise independence of judgement and autonomy
• Excellent project management and organizational skills with the ability to meet deadlines and quickly establish clear priorities. Excellent interpersonal, communication, and presentation skills, including formal report writing experience
• Fluent in Spanish and English

Highly Desirable

• Experience in the financial industry is preferred, particularly in payments systems such as SPEI, SPID, TEF, SWIFT, and products such as Direct Debit and Checks. Knowledge of SPEI, SPID and Indeval operational risk and information security requirements, and cash equities best execution algorithm.