Cloud Security Manager - AWS/Azure (7-9 yrs)

Responsibilities :

- To manage Information Security related to Cloud-based setup (Azure, WVD, AWS).

- To conduct Internal Audits.

- To carry out vulnerability assessments and identify systemic security issues based on the analysis of vulnerability reports.

- To apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation).

- Review and Analyse various Cloud Security requirements and advise on implementation.

- Be a Change Approver for Cloud Security requirements.

- Prepare and Publish Security Advisory Notes, InfoSec Awareness mailers, etc.

- Develop and maintain documents (policies, procedures, templates), records, and templates related to Cloud Security Periodic review of policies, procedures, and templates.

- Promoting awareness related to Information Security.

- Communicate Policies, Procedures, and Templates to stakeholders.

- Preparing Audit Schedules / Plans, Conduct Internal Audits periodically, and Publish Reports and tracking till closure.

- Initiate necessary corrective and preventive action.

- Periodically Measure and Monitor Cloud Security KPI.

- Prepare Management Review Meeting Reports and plans; Schedule and conduct periodic Management Review Meetings.

- Coordinating with Certifying Body.

- Representing the management during various external audits (certification and surveillance audits, client InfoSec audits, etc).

- Ensuring the compliance parameters meet the requirement.

- Reporting to the top management on the performance, opportunities for improvement, issues, non-conformities, Audit reports, etc. related to Cloud Security.

Requirements :

- Knowledge of Azure Security Centre.

- Knowledge of cloud security, cyber security, privacy principles, and security frameworks (e. g., ISO 27001 ISO 27017 ISO 27018 PCI, HIPPA, SOX, etc. ) relevant to confidentiality, integrity, availability, authentication, and non-repudiation.

- Knowledge of vulnerability assessment and penetration testing principles, tools, and techniques.

- Knowledge of ethical hacking principles and techniques.

- Knowledge of computer networking concepts and protocols, and network security methodologies.

- Network protocols such as TCP/IP, Dynamic Host Configuration (DHCP), Domain Name System (DNS), and directory services.

- Network security architecture concepts including topology, protocols, components, and principles (e. g., application of defense-in-depth).

- Knowledge of system administration concepts for operating systems (such as but not limited to Windows and Unix/Linux operating systems) and operating system hardening techniques.

- Knowledge of data backup and recovery concepts.

- Knowledge of cyber threats and vulnerabilities.

- Knowledge of social engineering techniques. (e. g., phishing, baiting, tailgating, etc. ).

- Knowledge of risk management processes (e. g., methods for assessing and mitigating risk).

- Knowledge of Application Security Risks (e. g., Open Web Application Security Project (OWASP) Top 10 list).

- Skill in managing the Cloud Security framework of the organization which includes the following: creating and updating Policies, Procedures, and Guidelines.

- Skill in the use of vulnerability assessment and penetration testing tools (like Nessus, Qualys, etc).

- Ensure periodic activities, reviews, and audits are carried out and track action items with various service teams.

- Prepare and publish regular governance reports and Management Reports.

- Skills in identifying positive and false-positive detections.

- Skill in reviewing logs to identify evidence of past intrusions.

- Skill in performing impact/risk assessments.

- Skill to understand the context of an organization's threat environment vis-a-vis vulnerabilities detected.

Soft Skills :

- Very Good English communication (Speak, Read, Write), Report Writing, Analytical and problem-solving skills.

- Ability to work on Microsoft Excel, Word, and PowerPoint.

- Good presentation skills.

- Willingness to Continually Learn.

- Team Player and People Management.

- Certifications (Any Two or more):

- Microsoft Certified Azure Fundamentals.

- Certified Cloud Security Professional (CCSP).

- Certificate of Cloud Security Knowledge (CCSK).

- Certificate of Cloud Auditing Knowledge (CCAK).

Education : Any Graduate in Information Technology.

Experience : 7+ years of experience in managing Cloud Security.