The Role would be responsible for working with the internal ISG stakeholders, Enterprise Security Architects, Application Owners & other Application Team members and other key stakeholders to ensure data-centric security and protection controls of the organization are designed by the technology team, and reviewed for design effectiveness from architecture security perspective. She/he is expected to be aware of new technologies, underlying secure configuration requirements, keep abreast of risks and corresponding secure configurations, and create and maintain ISG documents and versioning.
The Security Controls Assessor/ Associate Security Architect is expected to review and assess the security of applications, APIs, enterprise solutions, and application architectures in design and during/before implementation. In the journey, while the vulnerabilities and security assessment/testing teams will independently be carrying out their tests, this role is expected to stay abreast of, and at times collaborate with these teams to improve the architecture security and application security aspects.
Roles & Responsibilities:
- Act as project executive and carry out Annual Security Architecture
- Reviews/other projects as assigned to the team on annual basis.
- Follow up and carry out IDR requests with the Application IT.
- Owners/PMs/SPOCs, maintain escalation matrix and touch points.
- Conduct application security audits to identify and mitigate security. vulnerabilities in web applications, mobile applications, and other types of software.
- Perform API security audits/reviews to assess the security of APIs and ensure that they are properly designed and implemented.
- Conduct security reviews of enterprise solutions, such as Kafka and Apache NiFi, to identify and mitigate security risks.
- Develop and maintain security checklists and procedures for application security audits, API security audits, and enterprise security assessments.
- The Security Controls Assessor will also be plan, execute, and oversee:
- Develop security compliance processes and/or audits for external services (e.g., cloud service providers, specific platforms, products, underlying infrastructure, etc.).
- Review and provide inputs to update security documentation reflecting the application/system security design features as required.
- Track projects and reviews through management and maintenance of relevant findings, trackers, responses, and timelines from IT/implementation teams.
- Get initial understanding of the exception requirement by liaising with requestors and stakeholders, and present to the L1 Reviewers.
- Help maintain backup of Security Architecture Reviews (documentation and records) in centralized repository.
- Ensure end-to-end ownership of the raised issues/security risks, assignment of the ownership to various other teams (IT, Security Monitoring, etc.).
- Follow up for pending/expired exceptions.
- Work in close liaison with Business and Info Sec team s Security Operations.
- Work with developers and other IT staff to resolve security vulnerabilities and implement security improvements.
- Stay up to date on the latest security threats and vulnerabilities.
- Represent ISG Security Provision/Security Architecture teams in IT processes like Change Management and review for completeness of record evidence that may be incorporated into Application Go-live process by the Change Management team of IT.
Education Qualification: Graduation: Bachelor s in Engineering / Technology / Maths / Commerce / Arts / Science / Biology / Business / Computers / Management
Post-graduation: MBA / PGDM / Technology
Experience: 5 to 10 years of experience in Information/cyber security.
