Cloud Security Manager - AWS/Azure

Responsibilities : - To manage Information Security related to Cloud-based setup (Azure, WVD, AWS). - To conduct Internal Audits. - To carry out vulnerability assessments and identify systemic security issues based on the analysis of vulnerability reports. - To apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation). - Review and Analyse various Cloud Security requirements and advise on implementation. - Be a Change Approver for Cloud Security requirements. - Prepare and Publish Security Advisory Notes, InfoSec Awareness mailers, etc. - Develop and maintain documents (policies, procedures, templates), records, and templates related to Cloud Security Periodic review of policies, procedures, and templates. - Promoting awareness related to Information Security. - Communicate Policies, Procedures, and Templates to stakeholders. - Preparing Audit Schedules / Plans, Conduct Internal Audits periodically, and Publish Reports and tracking till closure. - Initiate necessary corrective and preventive action. - Periodically Measure and Monitor Cloud Security KPI. - Prepare Management Review Meeting Reports and plans; Schedule and conduct periodic Management Review Meetings. - Coordinating with Certifying Body. - Representing the management during various external audits (certification and surveillance audits, client InfoSec audits, etc). - Ensuring the compliance parameters meet the requirement. - Reporting to the top management on the performance, opportunities for improvement, issues, non-conformities, Audit reports, etc. related to Cloud Security. Requirements : - Knowledge of Azure Security Centre. - Knowledge of cloud security, cyber security, privacy principles, and security frameworks (e. g., ISO 27001 ISO 27017 ISO 27018 PCI, HIPPA, SOX, etc. ) relevant to confidentiality, integrity, availability, authentication, and non-repudiation. - Knowledge of vulnerability assessment and penetration testing principles, tools, and techniques. - Knowledge of ethical hacking principles and techniques. - Knowledge of computer networking concepts and protocols, and network security methodologies. - Network protocols such as TCP/IP, Dynamic Host Configuration (DHCP), Domain Name System (DNS), and directory services. - Network security architecture concepts including topology, protocols, components, and principles (e. g., application of defense-in-depth). - Knowledge of system administration concepts for operating systems (such as but not limited to Windows and Unix/Linux operating systems) and operating system hardening techniques. - Knowledge of data backup and recovery concepts. - Knowledge of cyber threats and vulnerabilities. - Knowledge of social engineering techniques. (e. g., phishing, baiting, tailgating, etc. ). - Knowledge of risk management processes (e. g., methods for assessing and mitigating risk). - Knowledge of Application Security Risks (e. g., Open Web Application Security Project (OWASP) Top 10 list). - Skill in managing the Cloud Security framework of the organization which includes the following: creating and updating Policies, Procedures, and Guidelines. - Skill in the use of vulnerability assessment and penetration testing tools (like Nessus, Qualys, etc). - Ensure periodic activities, reviews, and audits are carried out and track action items with various service teams. - Prepare and publish regular governance reports and Management Reports. - Skills in identifying positive and false-positive detections. - Skill in reviewing logs to identify evidence of past intrusions. - Skill in performing impact/risk assessments. - Skill to understand the context of an organization's threat environment vis-a-vis vulnerabilities detected. Soft Skills : - Very Good English communication (Speak, Read, Write), Report Writing, Analytical and problem-solving skills. - Ability to work on Microsoft Excel, Word, and PowerPoint. - Good presentation skills. - Willingness to Continually Learn. - Team Player and People Management. - Certifications (Any Two or more): - Microsoft Certified Azure Fundamentals. - Certified Cloud Security Professional (CCSP). - Certificate of Cloud Security Knowledge (CCSK). - Certificate of Cloud Auditing Knowledge (CCAK). Education : Any Graduate in Information Technology. Experience : 7 years of experience in managing Cloud Security. (ref:hirist.tech)

Location: mumbai, IN

Posted Date: 12/21/2024