The role will work as a member of the Global Cybersecurity organization - Security Architecture team, which is focused on improving technology and architecture decision-making through collaboration with management, staff and customers on technology strategy, enterprise architecture, and investments in strategic security technology.
The individual, with a broad cybersecurity plus systems and network architecture knowledge and experience, will deliver security assessments while supporting our direction, lifecycle management and leadership for security architecture and technology. The individual will perform a key role in Security assessments while supporting various critical initiatives through the identification, analysis, evaluation, lifecycle management and adoption of security architectures and technologies. This individual will work closely with other security functions and will provide guidance to ensure that there is coordination with their activities in technology choices. In addition, this individual will be involved with education and mentorship, supporting the delivery framework, development of technical architecture and associated documentation, as well as advanced topics of research.
- Leading and contributing to the security posture of Visa’s networks and systems, data centre infrastructures, cloud architectures and solutions
- Be a product security champion by driving Security Architecture and Design, implementation and optimization for Web, API and Mobile backend applications across Visa.
- Serving as a Cybersecurity expert to contribute to the definition/development of overall IT architecture.
- Take responsibility for working with assigned technology streams and business led projects assigned to you to ensure they are aligned with Visa’s Security Policies, Architecture design principles, Technical Security Requirements and other required internal/external standards.
- Developing, contributing and management of Security Architecture Specifications, Security Architecture Analysis, Threat-Modelling, Security Requirements, Security Standards and Design Patterns, Reference Architectures, Security Strategies and Roadmaps
- Applying security framework principles to developed & support security solutions
- Providing strategic points of view for security solutions and security industry events
- Driving security technologies evaluation process, proof-of-concepts, and production pilots with business and cyber technology partners
- Building strong cross-organizational relationships and effectively influencing staff across the IT organization and product groups
- Managing the lifecycle of security technologies
- Working closely with the other technology architects to ensure that security is properly embedded in their technology domains architectures
- Evaluating and assessing risk as part of lifecycle management
- Staying current with security technologies and making recommendations for use based on business value
- Advising leadership on Cybersecurity issues, systems, processes, products, and services.
- Maintaining oversight of the design and implementation of IT systems & services to ensure appropriate and effective security controls are included.
- Engage in the initial requirements definition including analysis of threats and risks and alignment with Visa security, Engineering, IT and Architecture standards.
- Conduct and facilitate security reviews, threat modelling including deep design reviews throughout the development lifecycle.
- Facilitate "table-top"/red-team/scenario analysis exercises in conjunction with other SME's; and plan the resolution of any identified vulnerabilities/issues.
- Identify and analyse system and application level vulnerabilities to provide recommended counter measures or mitigating controls that reduce risk to an acceptable and manageable level.
- 5 or more years of relevant work experience with a Bachelor’s Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD
- 6 or more years of work experience with a Bachelor’s Degree or 4 or more years of relevant experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or up to 3 years of relevant experience with a PhD
- Significant Cybersecurity, Architecture and Design experience in Networks, Data Centre Systems, and Cloud Infrastructure and Platforms (IaaS security, PaaS security)
- Strong experience in threat-modelling of complex systems
- Comprehensive Cybersecurity consulting and security assessment experience in a relevant industry
- Experience in delivering comprehensive architecture specifications for complex security solutions
- Experience with creating or contributing to technical documentation: product documentation, technology and systems/network architecture, and or technical whitepapers.
- Strong working experience with the following security technologies: Firewalls, Intrusion Detection/Prevention Systems, Vulnerability Scanning, WAF, Wireless LAN, NAC, DLP, DDoS Mitigation, WAN security, SIEM, Content Filtering, Cloud Security gateways, Secure Proxies, SSL crypto solutions
- Experience with open source based security technologies
- Strong knowledge and working experience with SDN (Software-Defined Networking), NFV (Network Function Virtualization), and network virtualization/overlays
- Strong hands on cloud architecture, with knowledge and working experience in: OpenStack, Cloud Foundry, Server Virtualization hypervisors (KVM, Xen, Hyper-V, VSphere), Linux Containers technologies (Docker, Mesos, Kubernetes), and distributed computing
- Programming/coding and DevOps experience is a plus (Python, Ansible, Chef)
- Solid understanding of and ability to speak authoritatively to security principles in areas such as network, systems, virtualization, cloud technologies, access control.
- Proven ability to troubleshoot and resolve complex technical issues at Expert level.
- Experience integrating multiple vendor products
- Preferred certifications include: CISSP, OpenStack Certification, TOGAF, SABSA
- Hands-on experience and strong understanding of technology and enterprise security
- Strong understanding of relevant Industry Principles, Best Practices, and Standards, such as PCI, NIST, ISO, IEEE, and TCG
- Experience working in a global organisation with the need to deliver regional requirements
- Strong cross-domain and cross-functional knowledge that will enable design of the best possible security technology solutions.
- Has solid understanding of the SSDLC process and follows the process to effectively develop and design solutions.
- Skilled to liaise with and influence multiple stakeholders in a matrix environment
- Ability to function as an individual contributor and mentor/leader detached from the corporate environment
Please Note: Due to the COVID-19 pandemic and the evolving visa/travel restrictions in place, we are currently only able to extend offers to candidates with the right to work in Singapore. We are keeping the situation under close review and will adjust accordingly should the restrictive measures be lifted.Additional InformationVisa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.
Job Number: REF004432W