Security Architect

Location: OCBC Singapore

Remote Type: Onsite

Time Type: Full time

Job Description

WHO WE ARE:

As Singapore’s longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

 Today, we’re on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia’s leading financial services partner for a sustainable future.

 We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.

Your Opportunity Starts Here.

Job Description

• Align Solution Design with Enterprise Strategy

• Ensure security architecture aligns with enterprise risk appetite, regulatory obligations, and zero-trust strategy across infrastructure and cloud.

• Deliver Comprehensive Solutions Design Artefacts

• Deliver HLD/MLD, deployment architectures, and executable blueprints for network security, endpoint/EDR, SIEM/SOAR, data protection/DLP, key management/HSM, and PAM/IGA.

• Define and Evolve Architecture Design Patterns

• Define security reference architectures and control standards mapped to frameworks (e.g., NIST, ISO 27001); codify guardrails, detection-as-code, and hardening baselines.

• Deep Domain Expertise with Agility

• Deep expertise in identity-centric security, zero trust, micro-segmentation, encryption, secrets management, vulnerability/threat management, and application of DevSecOps.

• Collaborate and Govern Effectively

• Lead architecture risk assessments and threat modeling; govern exceptions and technical debt remediation with clear risk narratives.

• Hands-On Engagement with Delivery Teams

• Embed with delivery and operations to ensure secure-by-default implementations, blue/green controls, and effective runbooks/IR playbooks.

• Provide Expert Guidance and Support

• Advise on compliance (e.g., MAS TRM/PCI-DSS/PDPA/GDPR), pen-test remediation, and security posture management; mentor teams on secure design.

Qualifications

• 10+ years in security architecture or engineering covering on-prem and cloud.

• Practical experience with SIEM/SOAR, EDR/NDR, WAF, DDoS protection, data security (DLP, tokenization), KMS/HSM, and certificate/PKI.

• Identity and access controls across workforce and workload identities; zero-trust patterns, micro-segmentation, and ZTNA.

• DevSecOps, threat modeling, and security testing integration into CI/CD.

• Familiarity with risk and control frameworks (NIST CSF, ISO 27001) and regional regulations (e.g., MAS TRM) as applicable.

• Ability to produce reference architectures, standards, and executable guardrails/policies-as-code.

• Certifications such as CISSP, CCSP, SABSA, or CISM are advantageous.

What we offer:

Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.