Cloud Security Director
Exp: 15 – 22yrs
Work location: Bangalore & Mumbai
Relevant Exp in Cloud Security is 7yrs
The Cloud Security Director is responsible for overall security cloud business globally. This includes managing teams of regional and central resources, implementation of various security projects, policies, processes and controls across cloud.
The role will design, implement and maintain group-wide security program and controls, including policies, procedures and standards in line with industry best practices, various regulatory frameworks and internal policies. The role represents the security expert and evangelist for Cloud.
It will support internal and external (clients, prospects, regulators etc.) stakeholders. The role is a central function but will be working closely with regional security and business stakeholders.
The role will be also working with Product Development and Security teams to provide input into secure design and development of products.
Responsibilities and Accountabilities:
• Define, roll out and maintain group - wide security program for cloud
• Maintain policies, standards, procedures and controls to ensure that business activities and the handling of confidential information and assets is in accordance with policies, regulatory requirements and client contracts.
• Deliver various security projects on time and budget using structured project management methodology
• Ensure standardization and automation of security processes across geographical locations
• Monitor industry trends and implement best practices
• Ensure compliance with all contractual and regulatory requirements related to security
• Work closely with other functions (product, services, internal IT, etc.) to ensure end-to-end security of the SaaS service
• Create a culture of security awareness across, supporting business activities and service delivery to clients;
• Represent security on projects, providing guidance and security advice for the development of products services based on industry and standards;
• Identify and assess security risks and recommend mitigations using industry standard techniques;
• Drive continuous improvement across security and privacy controls.
Skills and Qualifications:
• Minimum 15 years information security experience, most recently in cloud and cyber security areas within a financial services / regulated company
• Must demonstrate both technical and leadership skills
• Strong project management and delivery capabilities
• Ability to get things done by creating partnerships within organization
• Certification in Information Security, for example CCSP, CCSK, CISSP, CISA
• Demonstrable experience in planning, design and implementation of security programs
• Strong understanding of well-known attacks, threats and broader risks related to cloud
• Experience in cloud based technologies and the risks associated with different cloud service models
• Knowledge of industry standards / frameworks such as ISO 27001 / AICPA SOC 2 / PCI-DSS, CSA CCM
• Awareness of various regulatory requirements (APRA, FFIEC, FINMA, BAFIN, OSFI, etc.)