Security Architect

Headquartered in Singapore, SATS Ltd. is one of the world’s largest providers of air cargo handling services and Asia’s leading airline caterer. SATS Gateway Services provides airfreight and ground handling services including passenger services, ramp and baggage handling, aviation security services, aircraft cleaning and aviation laundry. SATS Food Solutions serves airlines and institutions, operating central kitchens with large‑scale food production and distribution capabilities for a wide range of cuisines.

SATS is present in the Asia‑Pacific, the Americas, Europe, the Middle East and Africa, powering an interconnected world of trade, travel and taste. Following the acquisition of Worldwide Flight Services (WFS) in 2023, the combined SATS and WFS network operates over 215 stations in 27 countries and covers trade routes responsible for more than 50% of global air cargo volume. SATS has been listed on the Singapore Exchange since May 2000.

• Lead security reviews for regional projects, platforms, and vendors; ensure designs meet global policy, risk tolerance, and compliance requirements.
• Apply existing reference architectures and contribute new patterns where gaps exist (cloud, data, identity, network, application).
• Perform threat models; specify compensating controls and validate via architecture artifacts (diagrams, ADRs, guardrails).
• Translate policy into Azure/AWS guardrails (landing zones, IAM, network segmentation, key management, logging).
• Embed security in SDLC (IaC, pipelines, SAST/DAST/SCA, secrets management) and partner with platform/SRE teams for pragmatic controls.
• Ensure classification‑driven controls (encryption, tokenization, DLP) across data lifecycle and cross‑border requirements.
• Specify telemetry, control points, and use‑case requirements to SOC/IR for effective detection coverage.
• Map designs to NIST CSF / ISO 27001 / NIS2 (EU‑only) control objectives; support architecture‑specific audit questions and remediation planning.
• Produce concise reference designs, decision records, and possibly build/run books to accelerate delivery teams.
• Coach IT business partners and junior architects; champion a modern, practical, and business‑aligned security culture.
• Track emerging threats/regulations; propose targeted pattern/policy updates to the Principal Architect.

• Bachelor’s degree or equivalent professional experience.
• 5‑10 years in cybersecurity, including 3‑5 years focused on security architecture/engineering in enterprise or regulated environments.
• Hold current cybersecurity certifications such as: CISSP, CCSP, CISM, Azure/AWS, and others.
• Demonstrated delivery of secure designs in hybrid (on‑prem + multi‑cloud) environments.
• Applied alignment to NIST CSF / ISO 270xx / NIS2 (EU‑only); familiarity with PCI or regional data protection regimes (e.g., GDPR, PDPA, CCPA) is a plus.
• Strong breadth across network micro‑segmentation, IAM/Zero Trust, application security, data protection/cryptography, logging/observability.
• Hands‑on with Azure/AWS security services and IaC (ARM/Bicep/Terraform) for guardrails and repeatable controls.
• Solid threat modeling and attacker‑TTP awareness; able to specify measurable mitigations in your designs.
• Ability to create clear architecture artifacts (context/flow diagrams, reference patterns, control maps).
• System‑thinking‑ability to see the "big picture" and understand how various systems and stakeholders are connected.