Archives: Jobs

Cloud Security Lead

Job Details

Job Title

Cloud Security Lead

Department

IT Security

Reporting to

VP Security

Location

Ahmedabad

 

Job Objective

To lead the Cloud Security efforts within the IT Security COE to meet Group and BU requirements in alignment with group IT directives

To define and manage overall security in cloud including security architecture, operations, and delivery. This role designs and architect controls against defined compliance and security policies, reviews current security architecture, assesses, and recommends industry best practices for security architecture in cloud implementation.

To define and maintain the Cloud Security Reference Architecture to be adhered by respective Cloud Application Architects. This role is accountable to ensure adherence and governance to the Cloud Security Reference Architecture

 

Roles and Responsibilities

Strategic Roles and Responsibilities

Understand the group’s long-term business strategies and goals, define the strategic objectives, roadmap, and goals for the IT Cloud Security function in line with overall Group IT security strategy

Ensure all security solutions exhibit high levels of performance, scalability, maintainability, and appropriate reusability and reliability upon deployment

Architect and develop security solutions and policies that meet business, IT, Regulation, Compliance and Cloud computing needs, infusing key security technologies in relation to the companies group Cloud strategy where appropriate

Ensure that the solution exhibits Secure by Design doctrine, such as high-performance levels, security, scalability, maintainability, appropriate reusability, and reliability upon deployment

Participate in industry forums to interact with different Cloud Security solution providers and evaluate new and potential technologies

Operational Responsibilities

Assess execution of security policy and validate necessary controls are in place

Manage and scale cloud security programs by defining milestones and success criteria, resource allocation, and successful on-time delivery

Understand the end-to-end solution and implementation path in order to execute large, complex security programs

Coordinate between a multitude of cross functional teams and set clear expectations about responsibilities for internal and external customers

Empower customers in their security adoption journey, helping them:

o Adhere to the defined security strategy, architecture

o Implement necessary security controls including Threat Protection, Monitoring, Cloud Security, and Identity and Access Management

Support security governance processes and serve as CoE interface to BUs

Risk Management

Lead and conduct risk assessments and identify and assess potential vulnerabilities in Group’s cloud security plan

Oversee deployment of strategic interventions to mitigate risks and address the vulnerabilities

Build cloud security reporting dashboards at the group level for capturing status of different systems

Oversee security incidents and breaches; Monitor threat management measures across group and business

Review security related issues through periodic meetings with CIOs to understand issues and provide resolution for the same

Security Audit

Establish audit protocols, frequency, and define audit calendar and enlist pre-requisites in accordance with the Group IT audit framework

Define and measure security compliance metrics, facilitate and track compliance activities and management action plans

Empanel audit agencies for group/ BU/ site audit and ensure audits are conducted as defined while interfacing with auditors for critical checks

Monitor the audit findings at the Group IT, Group Information Security and business level and report any security breaches to the Central IT and Security teams

Stakeholder Management

Build a trusted advisory relationship with all the BUs and engage with Architects, Engineering, and C-level, identify stakeholder priorities, and design security strategies that deliver business value

Ensure robust decision making with collaborative inputs, resolve conflicts and ensuring follow through on cross functional projects

Consult and collaborate with stakeholders to develop relevant, timely policy and support materials for all business units

People Management

Drive a performance driven culture – set goals, review performance, and provide feedback to ensure a motivated and committed team

Develop employee capability and build functional excellence through various learning and development interventions and mentoring initiatives

Foster an environment of learning, excellence, and innovation within the team and across teams

 

Job Profile

Minimum qualifications:

8-10 yrs of experience

Mandatory Certification CISSP

Preferred certification CCSP OR CCSK

Deployment experience of CSPM

Experience with identity/access management, network security, data protection, cryptography, and pen testing

This role designs and architect controls against defined compliance and security policies, reviews current security architecture, assesses, and recommends industry best practices for security architecture.

 

Preferred qualifications:

Certification in one or more of the following technologies: GIAC Certifications, CCSK, CCSP, CompTIA

Understanding of industry compliance and security standards such as PCI DSS, ISO 27001, SOC 1 and 2

Experience architecting, developing, or maintaining secure cloud solutions (preferably Google Cloud)

Experience with identity/access management, network security, data protection, cryptography, and pen testing

Familiarity with securing Kubernetes and containerization workloads.

Knowledge of cloud security platforms and industry competitive landscape

Breadth of technical security experience and knowledge, with depth / Subject Matter Expertise in two or more of the following Security Solutions – Cloud workload protection, Threat protection, Data encryption and protection key services, SIEM, and Cloud Security Analytics, Security Operation Center and Identity and Access Management

Act as trusted security technical advisor, and identity priorities, technical objections and design strategies encompassing the entire Google Cloud ecosystem to deliver value and business outcomes

Ability to solve security, compliance, and data protection problems through cloud technologies

 

 

Senior Manager – Application Security

Job Details

Job Title

Senior Manager – Application Security

Department

Cyber Security

Reporting to

CISO

Location

Ahmedabad

 

Job Objective

To support the CISO in effective governance of the cyber security department

To support and monitor all ongoing cyber security projects in ensuring timely delivery and closure

To support cultivation of strategic relationships with partners through effective partner engagement

 

 

Roles and Responsibilities

Strategic Roles & Responsibilities

CISO STRAP

Support CISO by collating and providing inputs to define the operating plan for cyber security

Establish and share guidelines for budget preparation with businesses; Collate group cyber security budget by consolidating budgets from each department/business and budgeting for group-level initiatives; Consult CISO and seek approval to finalize budget

CISO Performance Metrics

Basis guidance from CISO establish key performance indicators to effectively measure the cyber department performance

Enable thorough measure of success of activities by implementing appropriate frameworks

Governance & Compliance

Provide inputs to define cyber governance frameworks and establish governance systems, processes and control systems

Continuously monitor and ensure adherence to defined governance protocols

Track and monitor adherence to defined budgets; Provide guidance or action plan to overcome deviations if any

Committees and Councils

Define structure, composition, frequency of meetings and objectives of different governance committees in consultation with CISO

Ensure that committees convene as per the prescribed timelines to evaluate initiatives and projects undertaken; Participate in governance committees to share insights from a governance perspective

Vendor-Partner Management and Engagement

 

Manage vendor-partner identification, evaluation, selection and contracting processes for critical projects at the group level to support the CISO

Collaborate with cyber departments to articulate the RFP and share it with the identified partners

Support CISO to evaluate Cyber services partners basis capability, market presence and strength of their commercial proposals

Articulate and finalize contract in concurrence with the CISO, concerned departments and partner; define scope of work, project RACI and SLAs

Track partner performance to ensure project delivery basis expected quality, timelines and budgetary considerations, and address non-performance; Conduct regular partner performance reviews based on project criticality

Manage escalations related to partner (non)performance, scoping issues, partner pay-outs

Cultivate strategic relationships with partners and effectively leverage them for value additions to company

Engage with partners on a frequent basis for a win-win relationship; Facilitate organization of capability road shows/ POCs by partners to increase partner engagement with the organization

Project Governance, PMO and SLA Assurance

Review processes for effective program management of Cyber Projects; Classify projects into different categories basis project size, duration, complexity and criticality to establish project governance levels

Maintain oversight over fulfilment of project expectations (in terms of timelines, budget and quality) and adherence to defined SLAs; Conduct exhaustive reviews at pre-established critical project milestones

Ensure timely completion of projects within allocated budgets and with quality outcomes

Review applicable SLA frameworks and accordingly determine KPIs to comprehensively track different project elements

Support CISO in evaluating costs and risks to determine optimal SLAs, terms and conditions and consequences for the project

Operational Excellence and Review

Report service level attainment results and provide inputs on improvement opportunities

Implement continuous process improvements for Cyber operations and benchmark them with industry standards

Customer Feedback

Drive customer feedback collection for cyber services and solutions; Define tools & techniques to capture and analyze customer feedback

Analyse customer satisfaction levels and support CISO to identify measures to improve customer satisfaction levels based on feedback received

 

Job Profile

Educational qualifications:

Bachelor’s in Computer Science or related IT-related discipline.

Advanced educational qualifications, such as an MBA in Information Systems or a related field.

One or more of the following certifications: Certified Information Security Manager (CISM), Certified in Risk Management and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Security Professional (CISSP).

 

Experience:

8-13 yrs of experience

Experience VAP Penetration testing, Mobile application testing, thick app testing

Knowledge of Risk Assessment Framework

Mandatory Certification OSCP OR OSCE OR OSWE

 

Job

 

Job Description

Governance lead / Manager creates and amends IT contracts. Contract managers

write up IT contracts related Scope, SLAs and relevant annexures. Governance

Lead / Managers oversee IT contracts, perform contract audits, create

improvement plans with partner. Work with internal IT team and partner team for

drafting new RFP, contracts & amendments as necessary.

Supports internal IT team for any new contract, needs to understand the

advantages and pitfalls of contracts and be familiar with a plethora of contract

details.

Responsibilities

Create, analyze, and execute IT contracts for various transactions

Build and maintain relationships with partners internal IT team and other

business connections

Maintain contract-related documents and correspondence

Present contract information to relevant parties.

Troubleshoot contract-related problems, such as breach of contract with

analytics e.g.: Reviewing SLAs, measuring contract scope, delivery timelines

etc.

Keep track of contracts and extend, renew, or close them out

Perform contract audits & prepare contract compliance dashboard.

Work cohesively with partner to prepare improvement plans

Stay informed about changes to relevant IT rules and regulations