Application Security Architect - Java - Banking

Rothstein Recruitment Ltd
2 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Tech stack

Java
Cloud Computing Security
Computer Security
Systems Development Life Cycle
Secure Coding
Software Engineering
Systems Integration
Software Security
Microservices

Job description

This is an excellent opportunity for an Application Security Architect to work with a challenger bank during their massive digital transformation. This is a chance to act as the security lead in an application development delivery team working across a complex hybrid tech stack. Operating with independence, you will be in a critical position to influence the security posture of critical Bank systems while collaborating closely with engineers, product managers, and business stakeholders.

  • Risk and Control Assessments - You will lead risk & control assessments using the Bank's defined processes, covering supplier due diligence, privacy impact assessments and project security.
  • Risk Management - You will support your workstream to identify and articulate risks, steering them towards appropriate treatment plans, documenting mitigating controls and ensuring these are actioned within agreed timeframes.
  • You will operate in line with the Bank's Risk Management framework (including sub-frameworks) and relevant risk and compliance policies and procedures, ensuring appropriate and timely escalation of any concerns to your line manager.
  • Advisory - You will provide specialist advice and interpretation of Information Security best practice and UK regulatory requirements to a range of different stakeholders as new products, processes and systems are developed.
  • You will need to be aware of your own knowledge gaps and when & where to seek specialist input to solve a particular problem or query.
  • Subject Matter Expertise - You will develop a deep knowledge of the Bank's secure change processes and procedures, shepherding your workstream through various assessments and approval gates.
  • Relationship Management - You will build deep, trust-based relationships with key stakeholders within your delivery team such as developers, testers, product managers, delivery leads and tech leads.
  • You will be an active member of the delivery team, attending daily stand-ups, PI planning sessions and working groups.

Requirements

  • Application Security - Solid, practical and demonstrable experience of integrating application security controls (technical and non-technical aspects), covering SDLC and secure coding practices, into CI/CD pipelines. Understanding of cloud security, microservices and modern architecture.
  • Privacy - You don't need to be a privacy expert but you will require a good understanding of core privacy concepts and how these apply to technology change initiatives.
  • Technology Change - Demonstrable experience of supporting technology change initiatives to deliver solutions securely.
  • Risk and Control Assessments - Although your primary focus will be SDLC and secure coding practices, you'll also need experience of undertaking security assessments of complex systems and platforms.