Security Architect

Security Architect (Cybersecurity and Fraud Management), Manager 2 days ago Be among the first 25 applicants Do you want to take the first step in making Filipinos’ lives better everyday? Here in GCash we want to stay at the forefront of the FinTech industry by creating innovative, meaningful, and convenient financial solutions for the nation G ka ba? Join the G Nation today What You’ll Do Security Architecture & Design Lead end-to-end security architecture for platforms, applications, data, and infrastructure in multi-cloud/hybrid environments. Produce HLD/LLD, reusable reference architectures, and design patterns for critical controls (segmentation/zero trust, identity, data protection/crypto, runtime protection, observability, recovery). Embed secure‑by‑design/default principles through threat modeling, attack‑surface reduction, least privilege, and service‑to‑service trust. Security Architecture Scope (Primary) & Fraud Architecture (Preferred) Note: Candidates aren’t expected to have every domain; strong depth in some and working knowledge across others is ideal. Cybersecurity Architecture — Primary Focus Cloud & Platform: Secure landing zones, guardrails, workload identity, and scalable segmentation patterns. Identity & Access: Workforce & customer IAM patterns (federation/SSO, least privilege, privileged access). Data Security & Privacy: Classification and encryption standards; practical key management and privacy‑by‑design. Application & API: Service‑to‑service trust, API gateway & microservices patterns, secrets handling, abuse‑case–aware designs. Detection & Resilience: Telemetry baselines, reference detection patterns, continuity/recovery architecture. Fraud Management Architecture — Preferred/Plus Secure Integrations: Safe data flows to risk engines, behavioral analytics, and device intelligence; align fraud signals with security detections. Governance: Support rule/model governance (explainability, lineage, rollback) with privacy‑preserving designs. Product Partnership: Collaborate with Fraud PO/Tribe on capability roadmaps and OKRs; treat fraud controls as first‑class architecture components. Governance, Patterns, Standards & Validation Curate and evolve Security Patterns and GCash Gold Standards; maintain a versioned library with adoption guidance, baselines, and controls mapping. Translate BSP expectations and global frameworks (ISO 27001, NIST 800-53/CSF, PCI DSS, CIS) into clear design‑time and run‑time acceptance criteria. Operate architecture reviews and threat modeling; track risks and decisions to closure with auditable evidence. Lead security validation: ASV/BAS, attack‑path analysis, purple‑team exercises, chaos/resilience testing, and continuous control monitoring with evidence automation. Technology Evaluation & Partnerships Run market scans, RFP/RFQ, bake‑offs, and PoCs; evaluate fit, integration complexity, telemetry quality (OCSF where applicable), and total cost of ownership. Work closely with Product Owners and Tribe Leads to map capability gaps → epics → increments, aligning choices to value streams and OKRs. Negotiate with vendors on SLAs, security commitments (SBOM/VEX, secure configs), scalability, and commercials/ELAs; define exit criteria to avoid lock‑in. Establish joint success plans (enablement, runbooks, adoption KPIs), manage escalations, and influence vendor roadmaps to GCash needs. Maintain a curated tech radar (adopt/trial/assess/hold) and drive rationalization across the stack. Ways of Working (Agile & Collaborative) Embed with Tribes/Squads; participate in backlog refinement, sprint planning/reviews/retros to land security without blocking delivery. Define security Definition of Ready/Done and light policy‑as‑code guardrails so squads can self‑serve safe defaults. Provide clear design decisions and trade‑offs; mentor engineers and contribute to internal guilds/chapters. What You’ll Bring Must-have 7+ years in security architecture/engineering with shipped, large‑scale systems (finserv/fintech a plus). Depth in at least two of: cloud/platform security, identity & access, data protection/crypto, network segmentation/zero trust, platform/endpoint security; working knowledge across adjacent domains. Hands‑on familiarity with Kubernetes/containers, service mesh, API gateways, IaC (e.g., Terraform), secrets management, and modern telemetry. Strong threat modeling, architectural documentation, stakeholder communication, and decision‑recording skills. Familiarity with BSP regulations and global frameworks (ISO 27001, NIST 800-53/CSF, PCI DSS, CIS Benchmarks, MITRE ATT&CK). Nice-to-have Exposure to fraud/risk tech (risk engines, behavioral analytics, device intelligence) and model governance. Experience with SIEM/XDR/SOAR/UEBA, CNAPP/CSPM, API security platforms, PAM/IGA/CIAM, and data protection stacks (KMS/HSM, tokenization). Track record leading RFPs/PoCs and negotiating commercial/technical terms with vendors and cloud providers. What We Offer Opportunity for career growth and development in the #1 FinTech company in the country. Working with a dynamic and highly collaborative team who want to change the game. A company that values their people with highly competitive and flexible compensation and benefits package. Referrals increase your chances of interviewing at GCash by 2x. Seniority level Mid‑Senior level Employment type Full‑time Job function Information Technology #J-18808-Ljbffr