Principal Lead-information Security

The Principal Lead - Information Security is a high visibility role that is responsible for driving the Privileged Account Management PAM Governance and plays a crucial role in Cloud Governance initiatives e g securing AWS Secrets Manager or Azure Key Vault The candidate will be part of a team that establishes supports and continuously improves the enterprise information security policies practices and standards This role will participate in on-going operational activities that serve to establish appropriate access to and provide the appropriate protection confidentiality integrity and availability of enterprise systems and data through effective security controls This role is also responsible for validating compliance with policies and standards that keep applications and infrastructure safe and secure from vulnerabilities Key Responsibilities Major Areas of accountability Information Security Governance Identity Access Governance Policy Procedure Management and Enforcement Reporting Metrics Incident Management Education Provide timely and effective operational support for the firm s information security tools processes and practices in the Identity space Use standard technology monitoring tools to monitor assigned environments and or technical assets and identify detect behavior outside of established standards Escalate key security issues to the appropriate team to be addressed Assist with security assurance testing activities Monitor compliance with information security and identity policies and practices and any applicable laws Assist with internal and external security risk assessments risk analysis and application or system-level access reviews and attestations Coordinate facilitate access and entitlement reviews for individual applications business lines and the enterprise at-large Assist with the research development continuous improvement and implementation of identity policies procedures standards and processes based on compliance requirements and industry best practices Document the identity governance requirements processes and procedures Enforce information security and identity policies and procedures by reviewing violation reports investigating possible exceptions and documenting controls Prepare status reports on identity and access matters that are used for a variety of purposes - tracking and monitoring security breaches forensic investigative activities remediation plan management and risk management compliance reporting Effectively manage and prioritize ad-hoc reporting requests scorecards and standard departmental reporting Coordinate with internal team and external auditors to provide documentation of compliance assessments support and remediation activities Maintain and develop knowledge of identity access management trends new identity technologies and best practices Conduct security and industry specific research to keep self and the firm abreast of the latest security issues and regulatory developments that may impact existing policies procedures and practices Participate in information security education training and awareness activities for technology and business teams Location Gurugram Noida Hyderabad Shift Timings 2 00 -10 30 pm Cab Provided Yes Required Qualifications Bachelor s degree in Computer Science Management Information Systems or related technical field or equivalent work experience 10 years of experience in Information Security Services or related technical field Work experience that spans the Identity Access Management or Governance Risk and Compliance security domains Working knowledge of information security and computer network system access technologies Experience working in the financial services industry or other highly regulated compliance-oriented environments Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms Very good understanding of security controls monitoring systems and regulatory business drivers that impact security policies and practices Working with business users on platform related questions issues The successful candidate will need to demonstrate proficiency in atleast one of below verticals Privileged Account Management Capabilities Services and Processes using tools such as CyberArk and or Competitor tools like Delinea Arcon BeyondTrust Hashicorp At least one of the following Cloud Governance technologies AWS Azure GCP with experience in securing key services such as AWS Secrets Manager or Azure KeyVault In addition the successful candidate will need to meet below requirements Interested in gaining broad experience in Information Security Services must have First level knowledge and or demonstrated technical ability to understand code and technology infrastructure in multiple environments with experience in the below languages Powershell Python Regular expressions-based programming Demonstrated basic understanding of the Software Development Lifecycle SDLC and programming development procedures Effective oral and written communication skills along with logical analytical and abstract thinking skills Strong attention to detail follow-through and time management skills Demonstrated aptitude to quickly learn and apply new tools and processes Defining business user and systems requirements Developing user acceptance test plans Developing document test and modify new and existing code Developing working knowledge of systems and processes Business Analysis Building Process Flows Presentations Creating and Delivering Risk Identification and Remediation Project Management Project Coordination Reporting SQL queries to databases Correlation ITIL Change Problem Incident Configuration Management Preferred Qualifications Basic knowledge and experience with Operating Systems Windows UNIX Mainframe etc Directories LDAP Constructs Active Directory Oracle etc Databases RDBMS Constructs Oracle SQL DB2 MS SQL Server etc Authentication Authorization Constructs Directory Hybrid Native Source Data Formats XML CSV etc Identity Access Governance Capabilities o Role Based Access Controls RBAC o Provision De-Provisioning o Access Request Privileged Access Credential Management Privileged Access Management Suites o CyberArk Development Programming Scripting o SQL for Oracle or MS SQL o Java EE Compliance Types GLBA HIPAA IT Compliance NERC PCI SOX etc Service Organization Controls SOC1 SOC2 About Our Company Ameriprise India LLP has been providing client based financial solutions to help clients plan and achieve their financial objectives for 125 years We are a U S based financial planning company headquartered in Minneapolis with a global presence The firm s focus areas include Asset Management and Advice Retirement Planning and Insurance Protection Be part of an inclusive collaborative culture that rewards you for your contributions and work with other talented individuals who share your passion for doing great work You ll also have plenty of opportunities to make your mark at the office and a difference in your community So if you re talented driven and want to work for a strong ethical company that cares take the next step and create a career at Ameriprise India LLP Ameriprise India LLP is an equal opportunity employer We consider all qualified applicants without regard to race color religion sex genetic information age sexual orientation gender identity disability veteran status marital status family status or any other basis prohibited by law Full-Time Part-Time Full time Timings 2 00p-10 30p India Business Unit AWMPO AWMP S President s Office Job Family Group Technology