Role Purpose

The Principal IT Security Engineer will lead the establishment of the Bank’s overall cybersecurity posture during the foundational phase. This role is accountable for defining security architecture, selecting security tools and technologies, establishing operational models, and ensuring alignment with regulatory, risk, and business objectives. This role combines strategic leadership, deep technical expertise, and hands-on guidance to build a scalable, compliant, and resilient security capability.
Key Responsibilities

Security Strategy & Architecture
Define the Enterprise cybersecurity architecture covering on-prem, cloud, endpoint, network, identity, and data security. Establish security design principles, standards, baselines, and reference architectures. Translate regulatory, audit, and risk requirements into technical security controls. Define the target-state security operating model (SOC, IR, IAM, Cloud Security, Vulnerability Management).
Tooling Strategy & Technology Selection
Lead evaluation, selection, and roadmap definition for security tools including: SIEM/SOAR; Endpoint Detection and Response (EDR/XDR); Identity and Access Management (IAM/PAM); Cloud Security (CSPM, CWPP, CASB); Vulnerability Management; Data Loss Prevention (DLP). Develop tool selection criteria, proof-of-concepts (PoCs), and vendor assessments. Ensure interoperability, scalability, and regulatory compliance of selected technologies.
Security Governance & Regulatory Alignment
Ensure security controls align with regulatory requirements, audit expectations, and industry standards (e.g., ISO 27001, NIST, PCI, local banking regulations). Lead remediation of findings from regulators, auditors, penetration tests, and internal assessments. Provide executive-level security risk assessments and recommendations.
Leadership & Team Development
Build, lead, and mentor a high-performing security engineering and operations team. Define roles, responsibilities, and skill requirements for security teams. Promote continuous learning, certification, and technical excellence. Provide coaching, performance management, and succession planning.
Stakeholder & Program Leadership
Act as the primary security engineering advisor to IT, Cloud, Infrastructure, and Application teams. Lead security input for major IT initiatives, cloud migrations, and system integrations. Engage with internal customers and senior stakeholders to align expectations and priorities.