Public Cloud Security Risk Officer - Bengaluru, India - PeopleLogic

    Description

    Role/Job Description

    1. Control and report on the security by design principle of applications hosted on the public cloud (Azure and AWS).
    2. Control and report on the Landing Zone security as described and the security controls, for example NIST cloud controls.
    3. Control and report (with the support of the public Cloud CSRO lead) on the security of CSP service on the Group Catalog.
    4. Handle security alerts (Skynet) or incidents.

    Manage IT risk and SSI compliance:
    Frame and plan:
    Contribute to the drafting of policies / Group standards on the ISS in connection with its functional scope; if necessary, define and maintain local procedures / good practices to meet the specificities of his department.
    Participate in the definition of the ISS strategy and roadmap for its functional scope in collaboration with the GTS CISO and the ISS sector.
    Define and validate roadmaps for the implementation of IT risk treatment plans (application of standards, implementation of controls, etc.), ensuring that funding and commitment are secured from the teams involved.
    Contribute to the updating of permanent control policies (update of the library of normative controls...).
    Implement:
    Ensure the management of security projects initiated directly by and for its department of attachment.
    Support the deployment of security projects initiated by the Group and/or GTS within its functional scope and participate in the governance of these projects.
    In general, as a security expert, provide an advisory role vis-à-vis the projects deployed within his department of attachment.
    Evaluate and manage the treatment of IT risks in all new projects or infrastructures within its scope (integration of security in projects ISORP processes).
    Enforce Group policies / standards and/or procedures / good security practices within its department.
    Validate and monitor security exemptions (exceptions RAF...).
    Lead the resolution of security incidents and contribute to postmortem investigations of security incidents.
    Lead the remediation of critical vulnerabilities in coordination with technical teams, SOC and CERT.
    Maintain the IT security risk assessment of products / services / infrastructures of its functional scope (update ASA / ARA / USF ...) and associated repositories.
    Monitor and coordinate (project not led by the OSM) the treatment of security risks of products / services / infrastructures of its functional scope.
    Monitor and coordinate the timely closure of audit recommendations (internal / regulators); if necessary, intervene in support of operational teams.
    Communicate:
    Communicate regularly on the IT risks of its scope and on the mitigation plan undertaken.
    Communicate on the status of security audits (internal audit / regulators) as well as plans for handling recommendations.
    Communicate on its activities (definition of relevant KPIs / KRI) and on points of attention or security alerts.
    In the event of detection of a security anomaly on its functional perimeter, exercise as soon as possible a duty of alert vis-à-vis the CISO GTS and his hierarchy.
    Disseminate within the department of attachment all changes to the policies / Group standards or decision of the ISS sector in connection with the activities of its functional scope.

    Work location:

    Bangalore

    Work experience:

    10 to 19 yrs

    Background and Requirement:

    1. Bachelor's degree in computer science, information technology or a related field. Relevant certifications (e.g. CISSP, CISM, CRISC) are preferred.

    2. Proven experience in information system security management, risk assessment and security operations.

    3. Strong knowledge of security controls, regulatory requirements and industry best practices.

    4. Someone who understands public cloud model strategy and public cloud risks surface.

    5. Familiarity with NIST standards or equivalent and PEN test tools.

    6. Excellent communication skills, including the ability to communicate complex security concepts to both technical and nontechnical stakeholders.

    7. Experience in managing a team of Security Analysts/Leads.

    8. Proactive approach to identifying and mitigating security risks.

    9. Ability to work collaboratively in a team environment and contribute to a positive work culture.

    10. Strong organizational and project management skills with the ability to prioritize and multitask effectively.

    11. Up-to-date knowledge of emerging security threats and trends.

    12. Experience in financial services or a regulated industry is a plus.

    Cyber-security, cloud security, Risk Assessment, risk management