Responsibilities
The Cyber/Cloud Security and Risk Officer (CSRO) aims to contribute to the steering of strategy in terms of public cloud security, technical standards, processes, tools and risk management.
· Defines, publishes and maintains processes for Security Governance, Risk and Compliance (GRC) for public cloud (AWS and Azure)
· Defines cyber controls for the public cloud platform, whilst adhering to a centralized methodology
· Updating and documenting security controls as an accountable part of the public cloud expertise team (e.g. code security audit)
· Recommending changes to policies or procedures based on new threats or vulnerabilities identified
· Build and enforce a hardening checklist comprising industry best practices for public cloud
· Provide design-time review and guidance to teams building and deploying solutions to public/private/hybrid cloud (Security by Design)
· Conduct risk analysis and define/monitor associated mitigation/remediation plans
· Validate and communicate on the hardening of services and assess the maturity of application/service/infra against the defined security framework
· Carry out monitoring and propose functional improvements within the scope of intervention (security framework, risk analysis, etc.)
· Collecting evidence and performing technical and functional acceptance tests in the context of infrastructure and service hardening projects
· Conducting vulnerability scans with automated tools (SAST/DAST, etc.) to identify potential security issues
· Support/advise the operational security teams (Operation Security Manager)
· Security code review of all the developed infra components
Work location: Bangalore
Work Experience: 10 to 15
Background and Requirement:
· Expected Deliverables
· Service/Application/Infra maturity reports (assessment report). Assessment against defined maturity model
· Risk analysis file
· Blueprint and/or technical notes
· Services/Infrastructures security compliance reports based on the controls defined and specified (e.g. vulnerability management, code audit)
Specific Context
· Cybersecurity:
· Security audit and framework (ISO 27001, NIST, PCI-DSS): Intermediate to Expert
· Pentest knowledge (OWASP, methodology, hacking): Intermediate to Expert
· Public Cloud infrastructure & security (AWS, Azure): Intermediate
· Security and Code Audit:
· Amazon Web Application Firewall, GuardDuty, Inspector, IAM Access Analyzer, CloudTrail, Shield, Macie, Config, Security Hub
· Azure Security Center, Firewall, DDoS protection, Sentinel, Web Application Firewall (WAF)
· Development knowledge (Python, Git)
Mandatory skills:
Date Posted: 10/06/2024
Job ID: 81352019