• Own end-to-end cybersecurity, information security, and IT security across the company, covering both internal security (breach attempts, internal network monitoring) and product security (product-related threats and risks) • Define, evolve, and execute the company-wide cybersecurity strategy and security roadmap aligned with business and product priorities • Establish and enforce security policies, standards, procedures, and organization-wide security controls • Lead security risk management, including risk assessments, risk register ownership, and mitigation planning • Ensure compliance with regulatory and industry standards (e.g., GDPR, ISO 27001, SOC 2) and manage internal/external audits • Oversee secure architecture across cloud infrastructure, applications, SDLC, and IAM, including review of critical architectural decisions • Define and enforce security standards for encryption, key management • Own security operations, including monitoring, detection, response capabilities, and incident response for critical (P0/P1) events • Drive Application Security and DevSecOps practices (SAST, DAST, SCA, CI/CD security controls, threat modeling) in collaboration with engineering teams • Oversee IAM, endpoint, and workforce security, including access control models, EDR strategy, device security, and joiner/mover/leaver processes • Lead fraud prevention, vendor security, and internal/external abuse investigation processes, while managing security KPIs, reporting, budget, and team scaling • Manage a large cybersecurity team, including Cloud Security, SOC, Application Security / DevSecOps, Endpoint Security, IAM, and Information Security functions.

• Define and implement company-wide security strategy** • Design and own identity & access management architecture across all systems** • Secure exchange platform, wallets, APIs, and trading infrastructure** • Establish security across the full software lifecycle (code, dependencies, CI/CD pipelines)** • Lead incident response, threat detection, and risk management** • Drive security culture and practices across all teams, not only engineering

Softeta is an IT solutions provider based in Vilnius, Lithuania. With over 90 professionals located across Lithuania and Poland, we support companies in overcoming complex IT challenges through tailor-made software development and data-driven solutions. Softeta is looking for a Security Architect to become a part of our vibrant team and will be work for our client from banking sector. Responsibilities: - Architectural Governance: Own the end-to-end security design for the Data Mesh, ensuring alignment with both internal bank policies and external regulations (DORA, ECB). - Gap Analysis & Mitigation: Evaluate current and future architectures against non-functional requirements (Encryption, Access Control, Logging). Document status, propose technical alternatives, and perform formal risk assessments for non-compliant areas. - Network & Infrastructure Security: Design and audit complex network segmentation, including VNETs, subnets, and firewall rules for hybrid (Cloud-to-On-Prem) environments. - Data Flow Validation: Secure high-velocity data streams and pipelines, specifically focusing on Kafka, Data Lake, DWH, and CDC from Flexcube. - Enablement: Develop and maintain security patterns and standards to empower product teams to build securely without constant manual oversight. - Strategic Testing: Provide expert guidance on the scope of penetration testing, justifying the necessity (or exclusion) of tests based on the current threat landscape.

• Handling client engagements and utilizing strong technical experience to find solutions • Task management of large / complex implementations, especially in Application security or enterprise risk/identity projects • Implementation of GRC technology and supporting modules • Work with clients to understand requirements and configure solutions to fit those needs • Perform controls and configuration reviews involving relevant application systems and processes • Advise clients on controls in their enterprise systems relating to regulatory or legislative compliance • Review and advise on security redesign and remediation projects • Build relationships with new clients and maintain good relations with our existing client base • Integrate solutions into wider cybersecurity controls estates