BBVA
BBVA is a global company with over 160 years of history that operates in more than 25 countries, serving over 80 million customers. We are a team of 121,000 professionals working in multidisciplinary teams with diverse profiles.
About the job:
As a Security Architect in the Commercial Client Solutions Engineering team, you will support technological transformation projects within Commercial & Institutional Client Solutions.
Your work will involve collaboration with the Architecture Solutions team and close interaction with technical leaders and Product Owners to equip our clients with new capabilities and improve their lives.
As a global area, projects in Commercial & Institutional Client Solutions aim to reach geographies where BBVA operates, providing opportunities to work in multicultural ecosystems with a strong emphasis on diversity, innovation, and technology creation.
Responsibilities:
* Understanding business processes and architectures to conduct security analysis from a technological perspective.
* Completing and validating Security Models, establishing and designing low-level security controls and processes.
* Managing trade-offs to meet business needs while addressing associated security risks.
* Acting as the technical security reference for the Engineering team, assisting all project stakeholders in decision-making.
* Supporting non-financial risk areas in technology risk management, ensuring compliance with prescribed measures.
* Staying updated on new technologies, threats, and security capabilities, and helping to find technological solutions for new vulnerabilities.
Requirements:
* Bachelor's degree in Information Systems Engineering, Telecommunications, or a similar field.
* Master's degree in Cybersecurity or security certifications (CISSP or similar) is a plus.
* Minimum of 10 years of experience in cybersecurity, with at least 5 years as a Security Architect.
* Knowledge of web and mobile architecture environments, web servers, APIs, and session-less services.
* Familiarity with protocols such as GRPC, TLS/SSL, SSH, FTP, SMB, ODBC.
* Experience with Public Clouds, particularly security in AWS.
* Understanding of authentication and authorization protocols: SAML, OpenID Connect, OAUTH 2.0, Multi-factor auth-N.
* Knowledge of cryptography, digital certificates, digital signatures, etc.
* Familiarity with security systems and networks: Firewalls, Reverse Proxies, Authentication Repositories (LDAP), Identity Management Systems, DLPs, RDPs, etc.
* Knowledge of data protection: Information classification, handling information at rest and in transit.
* Experience with different operating systems (UNIX/Linux, Windows): Hardening, protection measures, virtualization.
* Knowledge of security regulations (PCI, GDPR) and directives like PSD2 related to banking business is valuable.
* Understanding of security standards and risk management: ISO27001, SOC2.
Additionally:
* Teamwork skills, a feedback culture, and leadership abilities.
* Negotiation skills.
* Adaptability to change.
* A strong appetite for technological knowledge.
Skills:
* Application Security Architecture, IT Security Architecture, Project Management, Security Architecture Design.