Senior Security Architecture Manager
About Kueski
At Kueski, we're dedicated to improving the financial lives of people in Mexico. Since 2012, we've been the leading buy now, pay later (BNPL) and online consumer credit platform in Latin America, known for our innovative financial services. Our flagship product, Kueski Pay, provides seamless payment solutions for both online and in-store transactions, establishing itself as the preferred option for a quarter of Mexico's top e-commerce merchants. Notably, we were the first to introduce BNPL on Amazon Mexico.
We're a tech company with a culture geared toward innovation, collaboration, and impact, fostering a strong, diverse, and inclusive company culture. In 2023, Kueski was recognized as the top BNPL platform by Fintech Breakthrough and earned the title of one of Mexico's most ethical companies from AMITAI. Additionally, we ranked as one of the Best Companies for Female Talent by EFY.
Purpose
This senior Security Architecture leader is part of the cybersecurity team and is the main responsible for creating architectural guidelines and definitions of how the Kueski security tools, services, network connections, and all the elements of the Kueski organization are implemented, in a way that Kueski can guarantee the appropriate performance in a secure environment. This position will work with the different teams to ensure the connectivity and architecture of all the components are implemented adequately, but also that new elements are integrated in a cohesive way, in which we can ensure a level of security that is best in class for our customers.
Key Responsibilities:
Strategic Security Architecture Leadership:
Drive and execute strategic Security Architecture projects that are critical to the company's mission and long-term goals
Provide expert guidance on complex business matters to support executive decision-making
Ensure all Security Architecture strategies are aligned with business objectives and regulatory requirements
Stakeholder Management:
Cultivate and maintain strong relationships with internal and external stakeholders, including regulatory bodies, external counsel, and business partners
Communicate complex information security concepts and risks to non-security stakeholders in a clear and concise manner
Team Development and Leadership:
Lead, mentor, and develop a high-performing cybersecurity team, fostering a culture of continuous learning and professional growth
Promote a collaborative and inclusive work environment that encourages innovation and excellence
Set clear objectives for the cybersecurity team, provide regular feedback, and conduct performance evaluations to support their development
Security Architecture:
Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data
Document and address organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle
Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines
Perform security reviews, identify gaps in security architecture, and develop a security risk management plan
Provide advice on project costs, design concepts, or design changes
Provide input on security requirements to be included in statements of work and other appropriate procurement documents.
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials)
Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment
Analyze candidate architectures, allocate security services, and select security mechanisms
Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents
Write detailed functional specifications that document the architecture development process
Translate proposed capabilities into technical requirements
Ability to apply the methods, standards, and approaches for describing, analyzing, and documenting an organization's enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DoDAF], Federal Enterprise Architecture Framework [FEAF])
Ability to conduct vulnerability scans and recognize vulnerabilities in security systems
Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
Position Requirements:
Minimum of 7 years of Infosec experience, with at least 3 years in a leadership role
Extensive experience in information security and cybersecurity
+2 years in a similar job of architecture or security architecture
+1 year of defining and designing security architectures in cloud environments
+2 years of leadership experience managing internal and external teams
Relevant experience in designing architectures in heavily distributed environments
Relevant experience in agile methodologies, DevOps, and DevSecOps
Relevant Experience defining application security architectures and controls (e.g. WAF, FW, Balancers, Kubernetes, AWS-focused architectures, etc)
Experience in applying and incorporating information technologies into proposed solutions
Experience in designing countermeasures to identify security risks
Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML)
Assertive communication
Resilience
Teamwork
Problem-solving
Critical thinking
Adaptability
You’ll love working at Kueski because:
We have a mission-driven culture focused on customer value, teamwork, humility, and integrity
Everyone is expected to have role clarity, career growth, and a personal development plan. Feedback and recognition are embedded in our company processes, systems, and practices
We ensure competitive salary, medical insurance, and wellbeing through ample and flexible time off as well as mental healthcare benefits
Everyone is an owner and eligible for competitive stock options with a company poised for success. We're committed to building an inclusive and diverse team and we know this leads to incredible work
Kueski: Where talent excellence improves Mexican lives.
#LifeAtKueski #KueskiTalent
At Kueski we embrace diversity in all forms, systematically promote equity, and ensure everyone feels included with a sense of belonging. We are committed to the full inclusion of all qualified candidates. As part of this commitment, we will make efforts to ensure reasonable accommodations are made during the hiring process. If reasonable accommodation is needed, please let the Talent Acquisition team know.
About the job
Apply for this position
Senior Security Architecture Manager
About Kueski
At Kueski, we're dedicated to improving the financial lives of people in Mexico. Since 2012, we've been the leading buy now, pay later (BNPL) and online consumer credit platform in Latin America, known for our innovative financial services. Our flagship product, Kueski Pay, provides seamless payment solutions for both online and in-store transactions, establishing itself as the preferred option for a quarter of Mexico's top e-commerce merchants. Notably, we were the first to introduce BNPL on Amazon Mexico.
We're a tech company with a culture geared toward innovation, collaboration, and impact, fostering a strong, diverse, and inclusive company culture. In 2023, Kueski was recognized as the top BNPL platform by Fintech Breakthrough and earned the title of one of Mexico's most ethical companies from AMITAI. Additionally, we ranked as one of the Best Companies for Female Talent by EFY.
Purpose
This senior Security Architecture leader is part of the cybersecurity team and is the main responsible for creating architectural guidelines and definitions of how the Kueski security tools, services, network connections, and all the elements of the Kueski organization are implemented, in a way that Kueski can guarantee the appropriate performance in a secure environment. This position will work with the different teams to ensure the connectivity and architecture of all the components are implemented adequately, but also that new elements are integrated in a cohesive way, in which we can ensure a level of security that is best in class for our customers.
Key Responsibilities:
Strategic Security Architecture Leadership:
Drive and execute strategic Security Architecture projects that are critical to the company's mission and long-term goals
Provide expert guidance on complex business matters to support executive decision-making
Ensure all Security Architecture strategies are aligned with business objectives and regulatory requirements
Stakeholder Management:
Cultivate and maintain strong relationships with internal and external stakeholders, including regulatory bodies, external counsel, and business partners
Communicate complex information security concepts and risks to non-security stakeholders in a clear and concise manner
Team Development and Leadership:
Lead, mentor, and develop a high-performing cybersecurity team, fostering a culture of continuous learning and professional growth
Promote a collaborative and inclusive work environment that encourages innovation and excellence
Set clear objectives for the cybersecurity team, provide regular feedback, and conduct performance evaluations to support their development
Security Architecture:
Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data
Document and address organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle
Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines
Perform security reviews, identify gaps in security architecture, and develop a security risk management plan
Provide advice on project costs, design concepts, or design changes
Provide input on security requirements to be included in statements of work and other appropriate procurement documents.
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials)
Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment
Analyze candidate architectures, allocate security services, and select security mechanisms
Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents
Write detailed functional specifications that document the architecture development process
Translate proposed capabilities into technical requirements
Ability to apply the methods, standards, and approaches for describing, analyzing, and documenting an organization's enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DoDAF], Federal Enterprise Architecture Framework [FEAF])
Ability to conduct vulnerability scans and recognize vulnerabilities in security systems
Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
Position Requirements:
Minimum of 7 years of Infosec experience, with at least 3 years in a leadership role
Extensive experience in information security and cybersecurity
+2 years in a similar job of architecture or security architecture
+1 year of defining and designing security architectures in cloud environments
+2 years of leadership experience managing internal and external teams
Relevant experience in designing architectures in heavily distributed environments
Relevant experience in agile methodologies, DevOps, and DevSecOps
Relevant Experience defining application security architectures and controls (e.g. WAF, FW, Balancers, Kubernetes, AWS-focused architectures, etc)
Experience in applying and incorporating information technologies into proposed solutions
Experience in designing countermeasures to identify security risks
Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML)
Assertive communication
Resilience
Teamwork
Problem-solving
Critical thinking
Adaptability
You’ll love working at Kueski because:
We have a mission-driven culture focused on customer value, teamwork, humility, and integrity
Everyone is expected to have role clarity, career growth, and a personal development plan. Feedback and recognition are embedded in our company processes, systems, and practices
We ensure competitive salary, medical insurance, and wellbeing through ample and flexible time off as well as mental healthcare benefits
Everyone is an owner and eligible for competitive stock options with a company poised for success. We're committed to building an inclusive and diverse team and we know this leads to incredible work
Kueski: Where talent excellence improves Mexican lives.
#LifeAtKueski #KueskiTalent
At Kueski we embrace diversity in all forms, systematically promote equity, and ensure everyone feels included with a sense of belonging. We are committed to the full inclusion of all qualified candidates. As part of this commitment, we will make efforts to ensure reasonable accommodations are made during the hiring process. If reasonable accommodation is needed, please let the Talent Acquisition team know.