Public Cloud Security Risk Officer

Employer Active

1 Vacancy
Job Location

Bangalore/Bengaluru - India

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Req ID : 2488607

Role/Job Description

1. Control and report on the security-by-design principle of applications hosted on the public cloud (Azure and AWS).
2. Control and report on the Landing Zone security as described and the security controls, for example NIST cloud controls.
3. Control and report (with the support of the public cloud CSRO lead) on the security of CSP services on the Group Catalog.
4. Handle security alerts (Skynet) or incidents.

Manage IT risk and SSI compliance:

Frame and plan:
Contribute to the drafting of policies / Group standards on the ISS in connection with its functional scope; if necessary, define and maintain local procedures / good practices to meet the specificities of his department.
Participate in the definition of the ISS strategy and roadmap for its functional scope in collaboration with the GTS CISO and the ISS sector.
Define and validate roadmaps for the implementation of IT risk treatment plans (application of standards, implementation of controls, etc.), ensuring that funding and commitment are secured from the teams involved.
Contribute to the updating of permanent control policies (update of the library of normative controls...).

Implement:
Ensure the management of security projects initiated directly by and for its department of attachment.
Support the deployment of security projects initiated by the Group and/or GTS within its functional scope and participate in the governance of these projects.
In general, as a security expert, provide an advisory role vis-à-vis the projects deployed within his department of attachment.
Evaluate and manage the treatment of IT risks in all new projects or infrastructures within its scope (integration of security in projects ISORP processes).
Enforce Group policies / standards and/or procedures / good security practices within its department.
Validate and monitor security exemptions (exceptions RAF...).
Lead the resolution of security incidents and contribute to postmortem investigations of security incidents.
Lead the remediation of critical vulnerabilities in coordination with technical teams SOC and CERT.
Maintain the IT security risk assessment of products / services / infrastructures of its functional scope (update ASA / ARA / USF ...) and associated repositories.
Monitor and coordinate (project not led by the OSM) the treatment of security risks of products / services / infrastructures of its functional scope.
Monitor and coordinate the timely closure of audit recommendations (internal / regulators); if necessary, intervene in support of operational teams.

Communicate:
Communicate regularly on the IT risks of its scope and on the mitigation plan undertaken.
Communicate on the status of security audits (internal audit / regulators) as well as plans for handling recommendations.
Communicate on its activities (definition of relevant KPIs / KRI) and on points of attention or security alerts.
In the event of detection of a security anomaly on its functional perimeter, exercise as soon as possible a duty of alert vis-à-vis the CISO GTS and his hierarchy.
Disseminate within the department of attachment all changes to the policies / Group standards or decision of the ISS sector in connection with the activities of its functional scope.

Work location:

Bangalore

Work Experience:

10 to 19 yrs

Background and Requirement:

1. Bachelor's degree in computer science, information technology or a related field. Relevant certifications (e.g. CISSP, CISM, CRISC) are preferred.
2. Proven experience in information system security management, risk assessment and security operations.
3. Strong knowledge of security controls, regulatory requirements and industry best practices.
4. Someone who understands public cloud model strategy and the public cloud risk surface.
5. Familiarity with NIST standards or equivalent and PEN test tools.
6. Excellent communication skills, including the ability to communicate complex security concepts to both technical and non-technical stakeholders.
7. Experience in managing a team of Security Analysts/Leads.
8. Proactive approach to identifying and mitigating security risks.
9. Ability to work collaboratively in a team environment and contribute to a positive work culture.
10. Strong organizational and project management skills with the ability to prioritize and multitask effectively.
11. Up-to-date knowledge of emerging security threats and trends.
12. Experience in financial services or a regulated industry is a plus.

Cyber-security, cloud security, Risk Assessment, risk management

Employment Type

Full Time

Company Industry

Accounting & Auditing
