Cyber Security Lead - Bengaluru, India - Société Générale Assurances

Description

Cyber Security Lead - CSROPermanent contract|Bangalore|IT (Information Technology)Cyber Security Lead - CSRO

Bangalore, IndiaPermanent contractIT (Information Technology)

Responsibilities

We are seeking a cloud security expert for Cloud Security and Risk Officer (CSRO) role who can contribute towards the strategic direction of public cloud native services usage and security, processes, tools, and risk management.

Individual must have a hands-on experience with Azure or AWS Native Services such as VNET, VPC, Express Route, Direct Connect, VM, EC2, Storage Accounts, S3 etc.

Profile required

Experience : 5 to 10 yrsSkills RequiredStrong understanding of cloud technologies and platforms: Azure or AWS or both(preferred).

Understanding and hands-on experience of cloud native service such as AWS EC2, S3, CloudFront, VPC, Direct Connect, DynamoDB etc and for Azure VNET, Storage Accounts, Application Gateway, WebApp, CosmosDB etc.

Should have conducted cloud security assessments and configuration reviews as per industry best practices. Should have understanding of AWS SCP, IAM & Resource based policies and Azure policies.

Familiarity with industry-leading standards and frameworks such as ISO 27001, NIST, CSA CCM, CIS benchmarks to help clients adhere to compliance requirements.

Knowledge and experience of Risk Management Lifecycle (Risk Identification, Risk Assessment, Risk Response, & Reporting) Experience with Cloud Security Solution such CNAPP, CWP, CSPM solutions.

Knowledge and experience in defining cloud security policies and frameworks for organizations. Effective written and communication skills. Strong sense of ownership, urgency, and drive. Should have the ability to work independently. Demonstrate teamwork and collaborate with other teams to ensure client's cloud environment is secure.

Key ResponsibilitiesOptimize and enhance the existing cloud security risk evaluation model. Engage in cloud security architecture discussion with different capabilities and BU. Update and document security controls as part of the public cloud expertise team. Assess AWS and Azure native services for risk and suggest controls to mitigate the risk. Present the risk assessment to various BU's in community forum for suggestions and recommendations. Recommend changes to existing policies and procedures based on emerging threats or vulnerabilities. Build and enforce a hardening checklist that incorporates industry best practices for public cloud security.

Provide design-time review and guidance to teams involved in building and deploying solutions on public, private, or hybrid cloud environments, emphasizing security by design principles.

Validate and communicate the hardening of services, assessing the maturity of applications, services, and infrastructure against the defined security framework.

Support the development team on bugs reported by consumer of the cloud services. Engaged with different Business Units to understand the different use cases on how the CSP Services shall be consumed. Monitor operations and propose functional improvements within the scope of security framework and risk analysis. Collect evidence and perform technical and functional acceptance tests for "infrastructure and service hardening" projects. Holistic experience and view on Cloud Management and Governance.

Contributing to security architecture interventions in business specific process for acquiring and developing new technology Contributing to the development and reporting of metrics for the Secure Design team, within the broader Security Architecture function Certification (good to have) : AWS Solutions Architect – Associate; AWS Solution Architect – Professional; Azure Solution Architect or Azure Security Engineer Associate.

Why join us

"We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status".