Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Delivery Governance
Good to have skills : NA
Minimum 12 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities: - 1. Identity and Access Management (IAM) IAM ensures that only authorized individuals have access to the systems and data they need to perform their job functions. Proper governance ensures compliance with security policies, legal regulations, and business requirements. Key Aspects: Identity Lifecycle Management: Governance involves defining policies for how identities are created, modified, and deleted. This includes managing user access rights and ensuring that users have appropriate permissions for their roles. Authentication and Authorization: Governance ensures that access is properly authenticated (e.g., multi-factor authentication) and authorized based on role-based or attribute-based access control. Compliance: IAM governance helps organizations adhere to industry regulations (e.g., GDPR, HIPAA) by enforcing policies around data access and ensuring that sensitive information is adequately protected. Audit and Monitoring: Regular audits and monitoring help ensure that access is being granted according to policy, and that improper access is flagged and remediated. 2. Security Operations Center (SOC) A SOC is responsible for detecting, analyzing, and responding to security incidents and events in real-time. Governance in this area is crucial to ensuring that the SOC operates efficiently, effectively, and in line with corporate and legal requirements. Key Aspects: Incident Response: A key element of governance in SOC is ensuring that incident response procedures are well-defined, tested, and followed when a security breach or anomaly is detected. Monitoring and Detection: Ensuring that SOC uses appropriate tools (e.g., SIEM, IDS/IPS) to monitor network traffic and detect suspicious activities in real-time. Compliance and Reporting: The SOC must generate reports for regulatory compliance (e.g., PCI-DSS, NIST) and provide visibility into the organization's security posture. Continuous Improvement: Governance includes reviewing the performance of SOC teams, assessing incidents, and refining processes to improve the security posture over time. 3. Network Security (NetSec) Network security governance focuses on protecting an organization's network infrastructure from internal and external threats. Proper governance ensures that network security policies are in place, enforced, and continuously reviewed. Key Aspects: Firewall and Perimeter Security: Ensuring that the network perimeter is adequately secured by firewalls, intrusion prevention systems (IPS), and other technologies. Network Segmentation: Governance involves defining policies around network segmentation to limit the spread of threats and control traffic flow. Encryption and Data Protection: Ensuring that sensitive data in transit and at rest is encrypted, and that secure communication protocols are enforced. Vulnerability Management: Network security governance requires regular vulnerability assessments and patch management to address known threats and weaknesses. Security Delivery Governance Framework To ensure effective security governance across IAM, SOC, and NetSec, a comprehensive framework should include: Policies and Procedures: Clear, actionable security policies, procedures, and guidelines must be established and regularly updated. These should cover all aspects of IAM, SOC, and NetSec. Risk Management: Regular risk assessments to identify vulnerabilities and mitigate them proactively. This involves continuous evaluation of potential threats and alignment with the overall risk tolerance of the organization. Compliance and Legal Requirements: Governance must ensure that all activities related to IAM, SOC, and NetSec are compliant with relevant laws and regulations, such as GDPR, HIPAA, PCI-DSS, and more. Incident Management and Response: Well-defined processes for responding to incidents that include communication protocols, escalation procedures, and documentation to ensure compliance and improvement. Auditing and Reporting: Regular audits should be conducted across IAM systems, SOC operations, and network security controls to ensure compliance with the organization’s security policies and regulatory requirements. Continuous Monitoring and Improvement: An ongoing process of reviewing and refining security strategies, implementing new technologies, and training staff to adapt to emerging threats. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Delivery Governance. - Strong understanding of security architecture principles. - Experience in implementing security controls in cloud environments. - Knowledge of regulatory compliance requirements. - Hands-on experience with security tools and technologies. Additional Information: - The candidate should have a minimum of 12 years of experience in Security Delivery Governance. - This position is based at our Bengaluru office. - A 15 years full time education is required.