Industry - Insurance
Category - IT & Systems
Skills - Application security, SDLC security, penetration testing
Job Type - Permanent
Job Description:
- We are looking for a seasoned leader with over 15 years of experience in Application Security and SDLC security. You will act as a key technical resource for internal customers, including top management, regarding security matters related to Secure SDLC.
Client Details:
Our client is a multinational financial services organisation headquartered in Canada.
Description:
- Work closely on Digital Enterprise Projects and initiatives by determining security requirements.
- Conduct security risk assessments and vulnerability assessments for identified areas and applications, and guide stakeholders on remediation of identified risks.
- Ability to understand various security platforms, go deep into their security aspects, and align them with organizational initiatives and projects.
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
- Work on planning, implementing, and testing security aspects with the team; preparing security standards, policies, and procedures
- Act as a key technical resource for internal customers, including top management, regarding security matters related to Secure SDLC.
- Work with project managers and assist in the development of the project roadmap from a security standpoint.
- Experience with application security frameworks.
- Experience with various penetration test findings and with helping project teams resolve the issues.
- Work with enterprise projects and teams, and assist with information security requirements during all phases.
- Participates as the Information Security representative in the IT Architecture and similar reviews for business groups to ensure required security controls are present in systems, applications, and processes
- Identify and document risks associated with initiatives involving systems and external vendors in a risk report for distribution to management.
- Align with business requirements and help the business achieve its objectives while ensuring information security risk is managed to an acceptable level within risk appetite.
- Develop cyber security awareness, engaging with different stakeholders and functions to deliver sustainable cyber security solutions.
- Ensure adherence to global compliance and internal controls
- Manage the security risks identified from information security risk assessments and bring them to closure:
- Tracks information security related risks and corresponding action plans with due dates to ensure that the issues are resolved. Works with the respective business and/or technology owner if dates are not met. Provides reports to the management team outlining the status of information security risks within the organisation.
- Periodic report on risks for supported lines of business.
- Subject matter expertise on security to drive discussions on Security Architecture, Application Security, Cyber Security, network security, network architecture, strategy
- Provides security consulting services to the rest of the organization which includes Sun Life business groups in Asia, and peers within Enterprise Services:
- Provides support to business groups by suggesting ways to improve security by implementing security controls
- Provide support in technical security reviews of network, vendor solution, web applications, mobile applications, cloud infrastructure, API security etc. Evaluate the adequacy and effectiveness of policies, procedures, technological controls, internal controls, existing threats.
- Assess the primary controls, compensating controls and identify the associated risk and recommended measures.
- Responsible for security compliance to the requirements and industry standards
- Assess exception requests for security configurations and application vulnerabilities across various platforms and applications, and respond with appropriate recommendations.
- Assess the adequacy of cloud security controls based on solutions.
- Manage and evaluate the regulatory compliance requirements for the in-scope testing.
Profile:
You should have: 15+ years of experience in IT security
Required certification: CISA/CISSP
- Collaborates effectively and communicates confidently.
- Should have sound, in-depth knowledge and rich experience of information security assessment, Application Security, Security Architecture, vendor technology review, and in-house assessments, and a deep understanding of security management controls and risk reviews.
- Experience in network, application, cloud, and security technology.
- Sound knowledge of cyber security frameworks, NIST, ISO, PCI
Job Offer:
- Leadership role
- Attractive compensation
- Ownership/Accountability
- Agile environment
To apply online please click the 'Apply' button below. For a confidential discussion about this role please contact Srishti Satrawla on +91 124 452 5475.