Head of IT Security and Architecture
TONIK FINANCIAL PTE. LTD.
Aboutthe Job
The Head of IT Security and Architecture owns both the security and architectural backbone of Tonik Bank's technology estate. This role is responsible for developing, implementing, and managing the organisation's overall IT security strategy, policies, and incident response capability, while simultaneously driving the architectural strategy for Microservices and Event-Driven Architecture, with a focus on Serverless technologies. You will play a pivotal role in protecting the bank's data, systems, and networks, while designing and evolving a secure, scalable technology landscape that supports Tonik's mission and growth.
Job Responsibilities
• Security Strategic Planning: Develop and maintain the organisation's IT security strategy in alignment with business goals and industry best practices. Assess current security infrastructure and identify areas for improvement.
• Architectural Strategy: Develop and maintain the architectural strategy for Microservices and Event-Driven Architecture, keeping it aligned with the bank's business goals and technical vision.
• Policy and Procedure Development: Create, implement, and enforce IT security policies, procedures, and guidelines. Ensure compliance with relevant regulations and standards (e.g.,GDPR, HIPAA, ISO 27001).
• Security Architecture: Design and oversee the implementation of secure IT architectures, including network and system configurations. Evaluate and recommend security technologies and solutions.
• Architecture Design and Governance: Collaborate with cross-functional teams to design and oversee scalable, resilient architecture solutions. Establish best practices, guidelines, and governance for Microservices development to ensure consistency, quality, and security.
• Event-Driven Architecture and Serverless Integration: Drive the adoption of Event-Driven Architecture patterns and technologies, enabling real-time data flow and efficient communication between systems. Leverage Serverless technologies to build highly available and cost-efficient solutions.
• Security Operations: Monitor, analyse, and respond to security incidents and breaches. Conduct regular security assessments, vulnerability assessments, and penetration testing. Establish and lead incident response efforts when necessary.
• Security Awareness and Training: Develop and deliver security awareness programs for employees, contractors, and stakeholders. Provide training and guidance on security best practices, as well as architectural standards.
• Risk Management and Compliance: Identify and assess security and architectural risks, and develop risk mitigation strategies. Ensure all architecture and design decisions comply with security and regulatory requirements.
• Performance Optimisation: Continuously monitor and optimise system performance, focusing on latency, scalability, and reliability, across both security and architecture domains.
• Vendor and Third-Party Management: Evaluate and manage third-party security vendors, technologies, and services, ensuring alignment with the architecture strategy and compliance with security standards.
• Documentation and Training: Create and maintain architectural and security documentation, and provide training to teams on best practices and technology standards.
• Team Leadership: Build and lead a high-performing team spanning security and architecture disciplines. Provide mentorship, guidance, and professional development opportunities, and foster a culture of innovation and collaboration.
• Budget Management: Develop and manage the combined security and architecture budget, ensuring cost-effective, high-impact investment in tools, technologies, and talent.
Preferred Experience and Qualifications
• Bachelor's or Master's degree in Information Security, Computer Science, or a related field.
• Industry-recognised security certifications (e.g., CISSP, CISM, CISA) preferred.
• Proven experience in IT security leadership roles, with a track record of successfully managing security initiatives.
• Proven experience in designing and implementing Microservices and Event-Driven Architecture, with a strong focus on Serverless technologies.
• Extensive experience in software development and architecture, with a deep understanding of modern technology stacks and cloud platforms (e.g., AWS, Azure, GCP).
• In-depth knowledge of cybersecurity technologies, tools, and best practices.
• Strong understanding of regulatory requirements and compliance standards.
• Knowledgeof DevOps and CI/CD principles, and familiarity with agile methodologies.
• Strong leadership and team management skills, with excellent communication and interpersonal abilities.
• Strong analytical and problem-solving skills, with the ability to collaborate across cross-functional teams.
• Prior experience in the banking or financial industry is a plus.
Who Are We Looking For
• Willingness to go the extra mile for success.
• A talented individual who embodies our company's core values of teamwork, honesty, reliability, sense of humour and street smart.
• Energetic and lively.
• As ourapproach to banking is far from ordinary, we are looking for an innovative and creative individual to join our team.
About Tonik
We are a transformative digital bank with a mission to revolutionize the way money works. We create better financial products for the world by encouraging inclusivity through simplifying processes, reducing costs, improving transparency, and embracing flexibility to empower more people with unique financial needs. All these are on the most secure mobile banking platform. To enable this, innovation is woven into the DNA of our company. We do not just search for the best talent, but for people who seek to challenge the status quo and are passionate about transforming the impossible into reality.
Tonik (www.tonikbank.com) is the first digital-only neo bank in the Philippines, providing loan, deposit, payment, and card products to consumers on a highly secure digital banking platform. The neo bank operates based on the first private digital bank license issued by the Bangko Sentral ng Pilipinas. Tonik is led by a team of retail finance veterans who have previously built and scaled multiple retail banks and fintech's across the global emerging markets. It is backed by top international venture capital funds. Tonik operates out of hubs in Singapore (HQ), Manila, Chennai, and Kyiv.