Consultant – Security Architecture and Engineering - Bengaluru, India - Tredence Inc.

    Technology / Internet
    Description

    About Tredence

    Tredence is a data science and AI engineering company focused on solving the last-mile problem in analytics. We define 'last mile' as the gap between insight creation and value realization. Tredence is now 1,500+ employees strong with offices in Foster City, Chicago, London, Toronto, and Bangalore, serving 30+ Fortune 500 companies in retail, CPG, hi-tech, telecom, travel, and industrials as clients.

    About ISG:

    The Tredence CISO's office is accountable for Security and Privacy on all aspects of Tredence's internal and Client-facing business. The team in charge of Security, the Information Security Group (ISG), focusses on all elements of Information Security for the organization, working collaboratively with stakeholders from across its business. The team provides internal as well as external stakeholders assurance while confidential data is being handled to meet business objectives. ISG takes care of implementing, maintaining and reporting on Information Security and its posture using a combination of Policies, Procedures, Guidelines and Cyber Security technology controls on an ongoing basis. The team comprises two Groups: 1. Cyber Security Governance, Risk and Compliance (GRC) and 2. Cyber Security Technical Operations (TechOps).

    Responsibilities:

    In this role in SecArch (under the TechOps group), you will take part in strategizing and handling initiatives related to building and keeping up to date all relevant Technical Security Standards (e.g. Hardening Standards, Encryption Standards etc.), build and maintain the Security Architecture artifacts (e.g. Framework etc.), and help evolve the Security Architecture and Cyber Security maturity of the Organization.

    o You will review and sign-off on all relevant IT and IoT changes which can influence the Security Architecture as well as manage exceptions to the same

    o You will track and extend / revoke exceptions in a timely manner so as to ensure exceptions are only utilized on a business-need-to-have basis

    o You will handle supplier technical security due diligence of products and/or services so as to ensure the assessee has an apt set of technical controls as desired, with respect to Confidentiality, Integrity and Availability, before being contracted for work / use with the organization; and similarly in M&A initiatives as and when applicable

    o You will maintain a constant view of the current security state in the organization so as to ensure adequacy and coverage of technical security controls in the organization

    o You will handle initiatives pertaining to systematic detection and mitigation of technical control gaps across the organization on an ongoing basis

    o From a Security Engineering standpoint, you will partake in the development and implementation of the Security Engineering program in which various implementations of Cyber Security technologies will be undertaken to help protect the organization from Cyber Threats from time to time

    o You will work with Security Vendors from initial expectation conversations, RFPs, functional requirements, proof of concepts (POCs) and vendor short listing, UAT, production rollouts, product or platform upgrades as well as ongoing maintenance as required

    o You will keep abreast of the latest events pertaining to the Global Cyber Security Threat landscape so as to consider critical Cyber Security stack upgrades for the organization on priority

    o You will ensure control coverage and effectiveness in all solution rollouts in a systematic fashion

    o You will work closely with the Security Architecture team and other relevant stakeholders to obtain a clear understanding of the current Cyber Security posture of the organization and its control gaps, to help derive the required Security Engineering Strategy and its implementation

    o You will assist the team in handling Cyber Security budgets for the CISO Office through its entire lifecycle from budget proposals, approvals and periodic tracking and reporting

    Knowledge expectations

    o You come with up to 5 years of hands-on working experience in Information Security

    o You have good knowledge of various latest Cyber Security technology controls (e.g. SASE, CASB, anti-APT, EDR, XDR, SIEM, SOAR, UEBA, Threat Hunting, WAF, Firewalls, anti-DDoS, PIM-PAM, Attack Surface Monitoring (ASM) technologies etc.), Enterprise Security Architecture, Cyber Resilience, Cloud Security Strategy and roadmap, and Security Standards, notwithstanding their applicability to on-prem, on-cloud, mobile or IoT infrastructure paradigms

    o You have basic knowledge in various topics in the following areas, such as but not limited to application of Security to Systems, Storage, Compute, Cloud, Networks, Virtualization, Software and OT

    o You have a fundamental knowledge of applying essential security controls in one or more of the following Cloud platforms – Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP)

    o You have a basic understanding of various Security Standards and Frameworks such as, but not limited to, Information Security Management System (ISO 27001), Business Continuity Management System (ISO 22301), NIST Cyber Security Framework (NIST), NIST 800-53, PCI DSS, HIPAA, SSAE-18 SOC 1 or SOC 2 and SoX controls

    Required education and certifications

    o You are an Engineering graduate or have an equivalent or higher education

    o You have acquired one or more of the following certifications – CISSP, CISM, CCSP, ISO 27001 Lead Implementer / Auditor, Azure, AWS and GCP Certifications

    Skill expectations and others

    o You have great attention to detail, strong communication and collaboration skills

    o You come with a mix of technical, analytical and problem-solving skills

    o You come with a mindset of helping improve the Information Security Program at all times

    o You are an avid learner, continuously looking to imbibe learnings and apply them on the job

    o You are a self-starter, a go-getter and an innovative thinker with a positive attitude