Senior Security Architect

Job Title: Senior Security Architect

Department: Information Security

Reports to: Chief Digital Officer

Role Overview:

We are seeking an experienced Senior Security Architect to join Simpaisa Holdings, a DFSA-regulated cross-border payments and remittances firm operating across the Middle East and South Asia. The ideal candidate will be responsible for designing and implementing the security architecture for the organisation's systems and applications, encompassing network security, application security, data security, and payment system security (including PCI-DSS Cardholder Data Environment design). Strong expertise in security principles, frameworks, and technologies is essential for ensuring the confidentiality, integrity, and availability of information assets across multiple regulatory jurisdictions. Experience with threat modelling for payment flows (Pay-Ins, Pay-Outs, FX, settlement, reconciliation, merchant processing), expertise in agile methodologies, and experience collaborating with development and infrastructure teams are also preferable.

Key Responsibilities:

  • Develop and maintain the organisation's security architecture framework, standards, and guidelines, aligned with DFSA, SBP, and SAMA regulatory requirements.
  • Design secure solutions for new and existing payment systems and applications, incorporating security best practices, PCI-DSS requirements, and defence-in-depth principles.
  • Architect and maintain the PCI-DSS Cardholder Data Environment (CDE), ensuring network segmentation, encryption, and access controls meet compliance standards.
  • Conduct threat modelling for cross-border payment flows, including Pay-In/Pay-Out channels, FX processing, settlement, reconciliation, and merchant-facing APIs.
  • Conduct security risk assessments and identify vulnerabilities in systems and applications, with particular focus on payment processing infrastructure.
  • Define security requirements and ensure they are integrated into the software development lifecycle (SDLC) and infrastructure deployment processes, including Bitbucket pipeline security.
  • Evaluate and recommend security technologies, tools, and services to enhance the organisation's security posture across all operating jurisdictions.
  • Develop and implement security policies, procedures, and controls to mitigate identified risks, ensuring alignment with ISO 27001, PCI-DSS, SWIFT CSP, and AML/CTF obligations.
  • Provide technical guidance and support to development, engineering, and operations teams on security-related matters, including secure API design and cryptographic key management.
  • Stay up-to-date with the latest security threats, vulnerabilities, and trends relevant to the fintech and cross-border payments sector, and recommend proactive measures.
  • Participate in security incident response activities, providing technical expertise and guidance.
  • Ensure compliance with relevant security regulations, standards, and frameworks across all jurisdictions (DFSA, SBP, SAMA, PCI-DSS, ISO 27001).

Required Skills and Experience:

  • Agile: Understanding of agile methodologies and experience integrating security practices into agile development processes (DevSecOps).
  • Communication: Excellent written and verbal communication skills with the ability to articulate complex security concepts and risks clearly to both technical and non-technical audiences, including regulators and auditors.
  • Strategy and Planning: Ability to develop strategic security architecture plans that align with business objectives and the overall security strategy across a multi-jurisdiction payments business. Strong planning and organisational skills to manage security architecture deliverables effectively.
  • Leadership & Influence Skills: Ability to influence technical decisions related to security and guide development and infrastructure teams in implementing secure solutions. Experience presenting to boards and regulatory bodies.
  • Problem-solving and Analytical skills: Exceptional problem-solving and analytical skills to identify security vulnerabilities and design effective security controls for complex payment ecosystems.
  • Security Architecture Expertise: Deep understanding of security principles, frameworks (e.g., NIST, ISO 27001, PCI-DSS), and best practices. Experience with security technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), vulnerability scanners, security information and event management (SIEM) systems, and cloud security concepts (AWS). Strong understanding of network security, application security, data security, and payment system security. Experience with SWIFT CSP and AML/CTF controls. Relevant security certifications (e.g., CISSP, CISM, PCI-QSA) are a plus.
  • Payments Domain Knowledge: Understanding of cross-border payment flows, remittance corridors, card processing, BIC/IBAN/LEI identifiers, FX settlement, and reconciliation processes.
  • Stakeholder Management: Ability to build and maintain strong relationships with diverse stakeholders, including regulators (DFSA, SBP, SAMA), payment partners, and internal teams, ensuring alignment on security architecture and requirements.

General Requirements for the Role:

  • Bachelor's Degree in related field: A bachelor's degree in Information Security, Computer Science, Engineering, or a related field is required.
  • 8+ years of experience in information security with a focus on architecture: Minimum of 8 years of progressive experience in designing and implementing security architectures, preferably within financial services or payments.
  • Experience designing secure systems and applications: Demonstrated experience in architecting secure enterprise-level systems and applications, including PCI-DSS compliant environments.
  • Proven track record of successful security architecture implementation: A verifiable history of contributing to the successful implementation of secure solutions and improving the organisation's security posture in regulated environments.

Benefits and Perks:

  • Competitive salary and comprehensive benefits package.
  • Opportunity to work with cutting-edge payments and fintech solutions and collaborate with skilled professionals across multiple markets.
  • Professional development and training opportunities, including security certification sponsorship.
  • Inclusive company culture that values diversity and innovation.