Public Cloud Security Risk Officer

Role/Job Description

***
*** 2. Control and report on the Landing Zone security as described and the security controls for example NIST cloud controls**
*** 3. Control and report (with the support public Cloud CSRO lead) on the security of CSP service on the Group Catalog.**
*** 4. Handle security alerts (Skynet) or incident.

*** ** Manage IT risk and SSI compliance**:
*** Frame and plan**:
*** - Contribute to the drafting of policies/ Group standards on the ISS in connection with its functional scope; if necessary,**
*** define and maintain local procedures / good practices to meet the specificities of his department.**
*** - Participate in the definition of the ISS strategy and roadmap for its functional scope, in collaboration with the GTS CISO**
*** and the ISS sector.**
*** of controls, etc.), ensuring that funding and commitment are secured from the teams involved.**
*** - Contribute to the updating of permanent control policies (update of the library of normative controls...)**
*** Implement**:
*** - Ensure the management of security projects initiated directly by and for its department of attachment.**
*** - Support the deployment of security projects initiated by the Group and/or GTS within its functional scope and participate**
*** in the governance of these projects.**
*** - In general, as a security expert, provide an advisory role vis-à-vis the projects deployed within his department of**
*** attachment**
*** - Evaluate and manage the treatment of IT risks in all new projects or infrastructures within its scope (integration of security**
*** in projects, ISORP processes).**
*** - Enforce Group policies / standards and/or procedures / good security practices within its department.**
*** - Validate and monitor security exemptions (exceptions, RAF...).**
*** - Lead the resolution of security incidents and contributeto post-mortem investigations of security incidents.**
*** - Lead the remediation of critical vulnerabilities in coordination with technical teams, SOC and CERT.**
*** - Maintain the IT security risk assessment of products / services / infrastructures of its functional scope (update ASA /**
*** ARA / USF...) and associated repositories;**
*** - Monitor and coordinate (project not led by the OSM) the treatment of security risks of products / services / infrastructures**
*** of its functional scope.**
*** - Monitor and coordinate the timely closure of audit recommendations (internal / regulators), if necessary, intervene in**
*** support of operational teams.**
*** Communicate**:
*** - Communicate regularly on the IT risks of its scope and on the mitigation plan undertaken.**
*** - Communicate on the status of security audits (internal audit / regulators) as well as plans for handling recommendations.**
*** - Communicate on its activities (definition of relevant KPIs / KRI) and on points of attention or security alerts.**
*** - In the event of detection of a security anomaly on its functional perimeter, exercise as soon as possible a duty of alert vis à-vis the CISO GTS and his hierarchy.**
*** - Disseminate within the department of attachment all changes to the policies / Group standards or decision of the ISS**
*** sector in connection with the activities of its functional scope.

Work location:
*** **Bangalore

:
Work Experience:
10 to 19 yrs

Background and Requirement:
**1. Bachelor's degree in computer science, information technology, or a related field. Relevant certifications (e.g., CISSP,**

**CISM, CRISC) are preferred.**

**2. Proven experience in information system security management, risk assessment, and security operations.**

**3. Strong knowledge of security controls, regulatory requirements, and industry best practices.**

**4. Someone who understand public cloud model, strategy and public cloud risks surface**

**5. Familiarity with NIST standards or equivalent and PEN test tools**

**6. Excellent communication skills, including the ability to communicate complex security concepts to both technical and**

**non-technical stakeholders.**

**7. Experience in managing team of Security Analyst/Leads**

**8. Proactive approach to identifying and mitigating security risks.**

**9. Ability to work collaboratively in a team environment and contribute to a positive work culture.**

**10. Strong organizational and project management skills, with the ability to prioritize and multitask effectively.**

**11. Up-to-date knowledge of emerging security threats and trends.**

**12. Experience in financial services or a regulated industry is a plus