SBI
Website:
sbicard.com
Job details:
Assistant Vice President - Cloud Security Architect
Role Purpose
Responsible for planning and coordinating with IT and business functions on security architecture & design principle to supports the maintenance of information security, ensuring the integrity, availability & confidentiality of SBI Card internal and customer’s information hosted in cloud. The role is also responsible for assuring that all technology solutions and services being delivered are compliant with our ISMS and that all exceptions and risks are documented and managed.
Role Accountability
Cloud Security Architecture
- Lead the design and development of Azure and AWS security architectures for protecting PII/PCI data deployed into different types of cloud and cloud/hybrid systems
- Lead the security vision and strategy around cloud-based applications, across all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS)
- Serve as the central point of contact for Enterprise Security for other Technology teams within the organization for all matters related to cloud security
- Design and develop security architectures for cloud and cloud/hybrid based systems. Possess a firm understanding of the offerings within Amazon Web Services (AWS) and the Microsoft Azure platforms
- Design and implement cloud-native architectures and designs that will allow those requirements to be met with a minimal degree of risk to Organization and with appropriate security controls present
- Represent Security Platform in development and implementation of the overall enterprise cloud architecture
- Act as the ambassador and senior technical representative for Enterprise Security while engaging with other senior technical leaders throughout organization in design and implementation of cloud and cloud/hybrid based implementations and solutions
- Works with IT Infrastructure Services, and Application Development organizations to choose appropriate technology solutions and facilitates complete integration into the company environments
- Develop standards in partnership with Engineering, Infrastructure Services, and Application Development.
- Lead initiatives designed to share knowledge across Security Platforms and/or Technology teams, identify, recommend, coordinate and deliver timely knowledge to support teams regarding technologies, processes or tools
- Oversees the development and maintenance of the information security strategy and develop and execute strategies to increase Cloud Security knowledge throughout the enterprise
- Ensures the effective translation of the security architecture is implemented into the solutions
- Assist to evaluate all the new initiatives/solutions (including Cloud) with the design recommendations and work with project managers and architects during implementation
New Technology & Risks
- Evaluate and recommend tools and solutions to enhance the security posture of the Enterprise
- Maintain contact with vendors regarding security system updates and technical support of security products
- Perform cost-benefit and risk analysis- Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks
Project Management
- Lead project implementation for Information risk management projects
- Ensure integration of security requirements in project design, timely and high quality delivery of projects
- Partner with SecOps to develops operational run book to ensure smooth transition post implementation
- Liaison with IT teams and other biz functions to ensure security is engaged in all projects
- Ensure process documentation and compliance adherence
Measures of Success
- Successful implementation/ adoption of any new solution, technology or framework
- Timely and in- budget delivery of security projects specifications within time and budget
- Timely delivery of Cloud Security Architecture covering all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS)
- Process Adherence as per MOU
Technical Skills / Experience / Certifications
- Knowledge of enterprise IT Systems, infrastructure and security technologies
- Knowledge of Information Security Standards like ISO 27001, PCI-DSS, NIST CSF, CSA framework etc.
- Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.)
- Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc.) preferred
- Experience architecting solutions within Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), VMware NSX, Oracle etc.
- Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes such as secure software development, Application Security, data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments
- Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies
- Experience with enterprise applications (architecture, development, support, and troubleshooting)
- Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies
- Working knowledge of compliance frameworks and security management standards (e.g., ISO 27001, NIST CSF, CIS etc.)
- Experience with enterprise architecture and working as part of a cross-functional team to implement solutions
- Industry standard certifications such as CISSP, CISM, CCSP, CEH, CHFI, Cloud security, ISO27001, SABSA, TOGAF, AWS, Azure etc.
Qualification
Graduate in IT/Computer Science or equivalent
Preferred Industry
BFSI / NBFC /E-commerce/IT & ITES / Telecom
Click on Apply to know more.