CSRO

Role/Description.

• Responsibilities
• The Cyber/Cloud Security and Risk Officer (CSRO) aims to contribute to the steering of strategy in terms of public cloud security technical standards processes tools and risk management.
• Defines publishes and maintains processes for Security Governances Risk and Compliance (GRC) for public cloud (AWS and Azure)
• Define cyber controls for public cloud platform whilst adhering to a centralized methodology
• Updating and documenting security controls as an accountable part of the public cloud expertise team (e.g.: code security audit)
• Recommending changes to policies or procedures based on new threats or vulnerabilities identified
• Build and enforce hardening checklist comprises of industrys best practices for public cloud
• Provide design time review and guidance to teams building and deploying solution to public/private/hybrid cloud. (Security by Design)
• Conduct risk analysis and define/monitor associated mitigation/remediation plans
• Validate and communicate on the hardening of services and assess the maturity of application/service/infra against the defined security framework
• Carry out monitoring and propose functional improvements within the scope of intervention (security framework risk analysis....)
• Collecting evidence and performing technical and functional acceptance tests in the context of infrastructure and service hardening projects
• Conducting vulnerabilities scans with automated tools (SAST/DAST etc) to identify potential security issues
• Support/advise the operational security teams (Operation Security Manager)
• Security code review on all the developed infra components.

Work location :

Bangalore

Work Experience :

10 to 15

Background and Requirement :

• Expected Deliverables
• Service/Application/Infra maturity reports (assessment report). Assessment against defined maturity model
• Risk analysis file
• Blueprint and/or technical notes
• Services/Infrastructures security compliance reports based on the controls defined and specified (ex: vulnerability management code audit ).
• Specific Context
• Cybersecurity:
• Security audit and framework (ISO 27001 NIST PCIDSS): Intermediate to Expert
• Pentest knowledge (OWASP methodology hacking): Intermediate to Expert
• Public Cloud infrastructure & security (AWS Azure): Intermediate
• Security and Code Audit:
• Amazon Web Application Firewall Guard Duty Inspector IAM Access Analyzer cloud Trail Shield Macie Config security Hub
• Azure Security Center Firewall DDoS protection Sentinel Web Application Firewall (WAF)
• Development knowledge (python Git )
• DevOps tooling and DevSecOps knowledg

CSRO