Information Security Architect

Job Profile:

Job Title: Cyber Security Architect

Corporate Title: AVP/VP

Experience: 10-15 years

Location: Bangalore

No. of Positions: 1

Role Description:

The Security Architect is a senior manager aligned CISO’s Organisation. Security Architect is responsible to enforce Information Security compliance within their area of responsibility in line with the CISO’s mandate and strategy as well as the Company’s risk appetite. Furthermore, Security Architect are the experts and point of escalation for all IT security related aspects of the IT assets in their area of responsibility. He/She will provide guidance on how to implement technical control aspects and achieve compliance to the related Information Security controls and ensure appropriate handling of any relevant exceptions. In close cooperation with the respective Business Functions they support the business divisions as well as the CIO to comply with Security Controls.

Job Responsibilities:

• Design, build and implement enterprise-class security systems for a production environment.
• Align standards, frameworks and security with overall business and technology strategy.
• Identify and communicate current and emerging security threats.
• Design security architecture elements to mitigate threats as they emerge.
• Create solutions that balance business requirements with information and cyber security requirements.
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
• Use current programming language and technologies to writes code, complete programming and performs testing and debugging of applications.
• Train users in implementation or conversion of systems
• Derive the IT Security strategy from the overall Chief Information Security Office (CISO) strategy and requirements and translates this into an operational plan for delivery for their area of responsibility.
• Act as point of escalation for IT Security issues and exceptions.
• In relation to the IT Assets, processes within their scope of responsibility they:
• Drive integration of Chief Information Security Office Initiatives, programs and central solutions and ensure alignment with the departmental portfolios.
• Ensure effective and efficient communication, coordination and implementation of CISO IT Security requirements and decisions.
• Responsible for the adoption of centrally mandated Security Solutions and the maintenance of technical security documentation and compliance to security controls.
• Are the recognized expert in Information Security Policies and procedures and their implementation in relation to technologies.
• Proactively manages IT audits and plan (in co-operation with Director IT) preparation and remediation.
• Ensure appropriate senior management awareness/oversight of follow-up on action items to resolve identified issues, e.G. information security reviews of vendors, audit issue resolution.
• Spearhead independent reviews of IT Security Controls, prioritize identified issues and assesses remediation actions for quality, considering the optimal cost-risk ratio as well the strategically optimal resolution (e.G. Information Security control evaluation and respective follow up activities).
• Verify remediation concepts for critical and systemic issues and monitors their execution according to plan and with quality.
• Partner with key stakeholders (Departmental Info Sec leads and IT team etc.) to act as mediator and subject matter expert for them on Information Technology Security topics. Ensure a common understanding of Information Technology Security risks and their implications for the Group and for their scope of responsibility.

Job Requirements:

• Knowledge of Security architecture, demonstrating solutions delivery, principles, and emerging technologies.
• Designing and implementing security solutions. This includes continuous monitoring and making improvements to those solutions, working with an information security team.
• Consulting and engineering in the development and design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.
• Hands on Servers: Windows. Linux and Unix environment, Container Technology
• Hands on Cloud: AWS, Azure, Container Technology, Automation with Ansible or similar
• Security considerations of cloud computing: They include data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks.
• Identity and access management (IAM) – the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources.
• Hands on in 2 or more Cyber Technologies viz. Encryption, Endpoint Security, Application Security, PKI, Firewalls, Virtualization, SIEM/SOAR tools, Vulnerability Scanning, Systems Hardening, Threat and Intel etc.
• Exceptional communication skills with diverse audiences - Strong critical thinking and analytical skills
• Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments.
• Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects.
• The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background.

Education / Certification:

• B.Tech./ MCA/ in Computer Science, Computer Engineering, or a comparable education and experience
• In addition, the following education/certification attainment will be beneficial:
• CISSP (Certified Information Systems Security Professional) or equivalent.
• CISM (Certified Information Security Manager) or equivalent.
• Certified/ Trained CISM, ISO27001 Lead etc.
• Comprehensive knowledge on FFIEC, GDPR, MAS, SOC1/2