Product Security Architect

The Product Security Architect is the owner of IAM (Identity and Access Management) of DANA Application and DANA Platform. The role is responsible to define the architecture design, the planning, the building/development, the delivery, and support of the IAM program in DANA Application and DANA Platform as a whole. This role will provide direction and guidance to the roadmap development, specifications, and communications of the IAM application and architecture, as well as provide in-depth technical expertise to the business units and Engineering, and monitoring of IAM in Production.

Tasks and Responsibilities
The Product Security Architect fulfills the following tasks:
• Design the Architecture of strong IAM in DANA Application and DANA Platform using the most advanced attainable technology tools and implementations to meet Confidentiality Requirements as well Compliance Requirements. The goal is to protect users from attempts of Account Take Over, to make Social Engineering attempts harder, and to protect users’ data and DANA assets from unauthorized access.
• Aligns IAM processes in DANA Application and DANA Platform with Business Outcomes. Among others, increasing KYC users by making secured frictionless KYC process, increasing Users Transactions by making frictionless IAM, etc.
• Lead IAM Innovation Process, by doing continuous Research in IAM Technologies and Methods, evaluates (PoC) existing and emerging IAM Technologies and Methods, and driving adoption of better solutions in DANA IAM Roadmap.
• Identifies the broader impact of current decisions related to user access, data access and information security, including The Economics of the IAM design, implementation, and operation.
• Identifies and evaluates complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement.
• Monitor IAM systems performance in Operations, its effectiveness, its Unit Economics, and lead and drive continuous improvements.

Requirements
A successful Product Security Architect candidate will have the expertise and skills described below.

Education, Training and Previous Experience
● Bachelor’s degree in computer science, information systems, cybersecurity, or a related field.
● Real-World Shipment of IAM Implementation in Mobile Applications, Web, and APIs of Hyperscale Digital Platforms, preferably in Fintech.
● Experience in IAM technology implementation, including architecting, developing, implementing, and integrating IAM systems.

Desired, but not required:
● Professional Certifications in Information Systems Security.

Technical and Business Experience
● Expert understanding of web security standards, architecture, web security best practices and application security best practices. Exposure and Basic Understanding of Network Security, Servers and Hosts Security, Database Security, Software Development Security, Securing
Mobile Apps, Web Apps and APIs in General.
● Experience with authentication technologies, such as Passkey, FIDO, OAuth, Biometrics, Passive Biometrics, Behavioral, OpenID Connect, Federated Identity Management, Kerberos, Active Directory, OpenLDAP, etc.
● Identity management familiarity in one or more of the following areas: single sign-on (SSO), data management, identity federation, enterprise directory architecture and design, including directory schema, directory services, namespace and replication topology experience, resource provisioning, ITIL, and process integration. Identity and access governance includes role-based access control, access request and certification, user life cycle management processes, and organizational change management.
● Expert understanding of IAM concepts, including federation, authentication, authorization, access controls, access control attacks, identity and access provisioning life cycle.

Knowledge and Skills
● Strong oral and written communication skills
● Ability to lead and manage a team independently, including cross departmental or cross division coordination and influence.
● Knowledge of agile development techniques and secure software development life cycle.
● Can translate security-related matters into business terms that are clear and understandable to executives
● Able to work with program management and procurement to ensure financial and delivery commitments are maintained
● Can deliver under tight deadlines
● Thinks outside the box when designing systems and solutions
● Able to navigate a demanding and high-pressure environment
● Can think strategically and incorporate business needs into technical roadmaps
● Strong problem-solving and trouble-shooting skills
● Can manage projects and execute on those objectives Personal Characteristics (Optional)
● Has the ability to interface with, and gain the respect of, stakeholders at all levels and roles in the company
● Is a confident, energetic self-starter, with strong interpersonal skills
● Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity
● Instinctive and creative.
● Self-motivated and possessing of a high sense of urgency and personal integrity
● Highest ethical standards and values