Cloud Security Lead
Job Details
Job Title
Cloud Security Lead
Department
IT Security
Reporting to
VP Security
Location
Ahmedabad
Job Objective
To lead the Cloud Security efforts within the IT Security COE to meet Group and BU requirements in alignment with group IT directives
To define and manage overall security in cloud including security architecture, operations, and delivery. This role designs and architect controls against defined compliance and security policies, reviews current security architecture, assesses, and recommends industry best practices for security architecture in cloud implementation.
To define and maintain the Cloud Security Reference Architecture to be adhered by respective Cloud Application Architects. This role is accountable to ensure adherence and governance to the Cloud Security Reference Architecture
Roles and Responsibilities
Strategic Roles and Responsibilities
Understand the group’s long-term business strategies and goals, define the strategic objectives, roadmap, and goals for the IT Cloud Security function in line with overall Group IT security strategy
Ensure all security solutions exhibit high levels of performance, scalability, maintainability, and appropriate reusability and reliability upon deployment
Architect and develop security solutions and policies that meet business, IT, Regulation, Compliance and Cloud computing needs, infusing key security technologies in relation to the companies group Cloud strategy where appropriate
Ensure that the solution exhibits Secure by Design doctrine, such as high-performance levels, security, scalability, maintainability, appropriate reusability, and reliability upon deployment
Participate in industry forums to interact with different Cloud Security solution providers and evaluate new and potential technologies
Operational Responsibilities
Assess execution of security policy and validate necessary controls are in place
Manage and scale cloud security programs by defining milestones and success criteria, resource allocation, and successful on-time delivery
Understand the end-to-end solution and implementation path in order to execute large, complex security programs
Coordinate between a multitude of cross functional teams and set clear expectations about responsibilities for internal and external customers
Empower customers in their security adoption journey, helping them:
o Adhere to the defined security strategy, architecture
o Implement necessary security controls including Threat Protection, Monitoring, Cloud Security, and Identity and Access Management
Support security governance processes and serve as CoE interface to BUs
Risk Management
Lead and conduct risk assessments and identify and assess potential vulnerabilities in Group’s cloud security plan
Oversee deployment of strategic interventions to mitigate risks and address the vulnerabilities
Build cloud security reporting dashboards at the group level for capturing status of different systems
Oversee security incidents and breaches; Monitor threat management measures across group and business
Review security related issues through periodic meetings with CIOs to understand issues and provide resolution for the same
Security Audit
Establish audit protocols, frequency, and define audit calendar and enlist pre-requisites in accordance with the Group IT audit framework
Define and measure security compliance metrics, facilitate and track compliance activities and management action plans
Empanel audit agencies for group/ BU/ site audit and ensure audits are conducted as defined while interfacing with auditors for critical checks
Monitor the audit findings at the Group IT, Group Information Security and business level and report any security breaches to the Central IT and Security teams
Stakeholder Management
Build a trusted advisory relationship with all the BUs and engage with Architects, Engineering, and C-level, identify stakeholder priorities, and design security strategies that deliver business value
Ensure robust decision making with collaborative inputs, resolve conflicts and ensuring follow through on cross functional projects
Consult and collaborate with stakeholders to develop relevant, timely policy and support materials for all business units
People Management
Drive a performance driven culture – set goals, review performance, and provide feedback to ensure a motivated and committed team
Develop employee capability and build functional excellence through various learning and development interventions and mentoring initiatives
Foster an environment of learning, excellence, and innovation within the team and across teams
Job Profile
Minimum qualifications:
8-10 yrs of experience
Mandatory Certification CISSP
Preferred certification CCSP OR CCSK
Deployment experience of CSPM
Experience with identity/access management, network security, data protection, cryptography, and pen testing
This role designs and architect controls against defined compliance and security policies, reviews current security architecture, assesses, and recommends industry best practices for security architecture.
Preferred qualifications:
Certification in one or more of the following technologies: GIAC Certifications, CCSK, CCSP, CompTIA
Understanding of industry compliance and security standards such as PCI DSS, ISO 27001, SOC 1 and 2
Experience architecting, developing, or maintaining secure cloud solutions (preferably Google Cloud)
Experience with identity/access management, network security, data protection, cryptography, and pen testing
Familiarity with securing Kubernetes and containerization workloads.
Knowledge of cloud security platforms and industry competitive landscape
Breadth of technical security experience and knowledge, with depth / Subject Matter Expertise in two or more of the following Security Solutions – Cloud workload protection, Threat protection, Data encryption and protection key services, SIEM, and Cloud Security Analytics, Security Operation Center and Identity and Access Management
Act as trusted security technical advisor, and identity priorities, technical objections and design strategies encompassing the entire Google Cloud ecosystem to deliver value and business outcomes
Ability to solve security, compliance, and data protection problems through cloud technologies
AddRec Solutions Pvt. Ltd. © 2024 | All Rights Reserved
MANAGED BY INFIEGRITY SOLUTIONS