Chief Security Architect
Finastra
Total years of experience: 3 years, 2 months
• Driving security posture maturity for about 200 products/applications with the help of over 20 security champions, several architects and development leads.
• Leading in threat modelling, design reviews, and spot check peer code reviews as part of the secure development lifecycle.
• Evaluating risk and governing release signoff against Government of Canada standards such as the RCMP TRA model and ITSG-33 frameworks.
• Driving security requirements into the Architecture Review Board owned by Enterprise Architecture and providing security signoff at several stages.
• Providing support to the dev teams to enhance the secure development lifecycle and automated security testing as part of the CI/CD pipelines.
• Helping to respond to questions driven by various audits such as SOC 2, banking client questionnaires, PCI requirements, NIST 800-53, etc.
• Assessing security solutions and their compliance against contractual obligations, which include data residency requirements and regulations such as GDPR and PIPEDA.
• Assessing the application security maturity and building enhancement plans by utilizing OWASP, SAMM and BSIMM continuous compliance audits.
• Working with the CRO and CISO teams to provide visibility into the security risks and compliance status against corporate standards.
• Helping to onboard products onto the WAF and creating related incident response processes.
• Assisting in assessing and integrating data governance requirements across the architecture.
• As a member of the Product and Data Security Leadership team, working with global product and security teams to identify program gaps and finalize target state roadmaps for the CISO, which include product, data and infrastructure security components.
• Performing research to evaluate and recommend technology solutions based on the latest technology trends, application capabilities, and best practices. Recent work relates to threat modelling, API security, security tool integration, supply chain risks and WAF.
Telecom/DSP and Computers Engineering