Tata Communications
Website:
tatacommunications.com
Job details:
About The Company
Tata Communications Redefines Connectivity with Innovation and IntelligenceDriving the next level of intelligence powered by Cloud, Mobility, Internet of Things, Collaboration, Security, Media services and Network services, we at Tata Communications are envisaging a New World of Communications
Broad outline of the Role
- We are looking for a highly experienced and strategic Deputy General Manager (DGM) to lead and drive enterprise-wide security initiatives across Application Security, Cloud Security, and AI/LLM Security. The role will be responsible for embedding security across the software development lifecycle, cloud transformation programs, and emerging AI/GenAI use cases.
The ideal candidate should possess a strong mix of
technical depth, governance experience, stakeholder management, and program execution capability to drive initiatives such as
Threat Modeling, DevSecOps, Integrated Security Assurance (ISA), Cloud Security using CSPM, and AI/LLM Security controls.
Minimum Qualifications & Experience
- B Tech or relevant qualification with minimum 11-15 years of relevant experience
Other Knowledge & Skills
- Experience with tools such as Checkmarx, Veracode, Fortify, SonarQube, Snyk, Prisma Cloud, Wiz, Orca, Microsoft Defender for Cloud, or equivalent
- Experience in CNAPP / CWPP / CASB / SSPM
- Exposure to Zero Trust and cloud-native security architectures
- Experience in container security, Kubernetes security, and Infrastructure as Code (IaC) security
- Familiarity with OWASP ASVS, OWASP Top 10, NIST, ISO 27001, CIS Benchmarks
- Experience in BFSI / Enterprise / Global capability center environments
- Knowledge of AI governance frameworks, model lifecycle controls, and responsible AI security practices
- Relevant certifications such as:
- CISSP
- CCSP
- CSSLP
- AWS / Azure Security certifications
- Kubernetes / cloud security certifications
Key Responsibilities
- 1) Application Security Leadership
- Drive enterprise Application Security strategy, governance, and execution across SDLC.
- Lead secure design and Threat Modelling practices for business-critical applications and platforms.
- Institutionalize security-by-design principles across development teams.
- Oversee SAST, DAST, SCA, API Security, secrets management, and code security controls.
- Partner with engineering, architecture, QA, and product teams to embed security early in the lifecycle.
- DevSecOps Enablement
- Drive DevSecOps transformation by integrating security controls into CI/CD pipelines.
- Define policies, standards, checkpoints, and automation for secure code release.
- Ensure vulnerability triage, remediation governance, and risk-based prioritization.
- Build measurable DevSecOps KPIs and security compliance dashboards.
- Integrated Security Assurance (ISA)
- Lead the Integrated Security Assurance (ISA) process across applications, platforms, and cloud initiatives.
- Ensure security reviews, control validations, risk assessments, and closure tracking are governed effectively.
- Standardize onboarding, assurance workflows, reporting structures, and executive visibility.
- Collaborate with audit, compliance, and risk teams for control alignment.
- Cloud Security Governance
- Drive Cloud Security posture management across AWS / Azure / GCP environments.
- Lead implementation and optimization of CSPM and cloud-native security controls.
- Govern cloud risk management covering IAM, misconfigurations, network exposure, data protection, workload security, and container/Kubernetes security.
- Partner with cloud engineering and platform teams to improve security maturity and resilience.
- AI / LLM Security
- Establish security governance for AI/ML and LLM-based initiatives.
- Drive controls around secure usage of Generative AI, LLM applications, prompt/data security, model access, and AI risk governance.
- Work with business and engineering teams to ensure secure adoption of AI tools and platforms.
- Assess threats such as data leakage, insecure plugins, model misuse, prompt injection, access abuse, and insecure integrations.
- Leadership & Stakeholder Management
- Engage with senior leadership, technology teams, architects, developers, cloud teams, and business stakeholders.
- Drive execution across multiple parallel security initiatives and transformation programs.
- Build operating rhythm, governance forums, reporting cadence, and leadership dashboards.
- Mentor teams and build high-performing security capabilities.
Click on Apply to know more.