Subject Matter Expert - Cyber & Information Security (10-15 yrs)
Talent Scout
posted 4d ago
Lead SME - Cyber Security and Information Security
Location : Pune
Exp : 10+ years
Role Overview :
We are seeking a highly skilled and experienced Cyber Security and Information Security Subject Matter Expert (SME) to strengthen our software company's security posture.
As an SME, you will play a pivotal role in developing and implementing security policies, advising on risk mitigation strategies, conducting security assessments, and guiding teams to adopt best practices in information and cyber security.
The Cyber Security and Information Security Subject Matter Expert (SME) will lead and enhance the security strategies for our software product and platform development initiatives.
As an SME, you will provide expertise in safeguarding our platforms, products, and customer data by developing robust security frameworks, guiding cross-functional teams, and staying ahead of evolving cyber threats.
You will play a critical role in embedding security best practices across the product lifecycle, ensuring compliance, mitigating risks, and maintaining the trust of our clients and stakeholders.
Key Responsibilities :
Strategic Leadership :
- Serve as the primary advisor on all matters related to cyber and information security.
- Collaborate with executive leadership to align security initiatives with business objectives.
- Provide thought leadership in emerging trends, threats, and best practices in cyber security.
Security Operations :
- Develop, implement, and maintain robust information security policies, procedures, and standards.
- Conduct risk assessments, vulnerability scans, and penetration tests to identify potential threats.
- Respond to and lead incident response efforts for security breaches or attacks.
- Oversee the implementation of security technologies, including firewalls, intrusion detection/prevention systems, and endpoint protection.
- Collaborate with development teams to integrate security measures into the software development lifecycle (SDLC).
- Conduct threat modelling, code reviews, and secure design assessments for software products and platforms.
- Define and enforce secure coding standards, DevSecOps practices, and cloud security policies.
- Ensure platform resilience through robust identity management, encryption, and authentication mechanisms.
Compliance and Governance :
- Ensure compliance with relevant regulations, frameworks, and standards (e.g., VAPT, STQC, SOC2, ISO 27001, NIST, GDPR, HIPAA, CCPA).
- Conduct audits and assessments to evaluate compliance and identify gaps.
- Develop documentation for regulatory and client audits, including risk management plans and business continuity plans.
- Develop and maintain policies, procedures, and documentation to support security audits and client requirements.
Collaboration and Training :
- Work closely with software development, IT, and DevOps teams to integrate security practices into the SDLC.
- Provide training and awareness programs to employees on security best practices.
- Act as a liaison between technical teams and non-technical stakeholders, simplifying complex security concepts.
- Foster a security-first culture across the organization.
Technology and Innovation :
- Evaluate and recommend security tools and technologies to enhance the company's security architecture.
- Stay updated on the latest cyber threats and develop proactive measures to counter them.
- Lead initiatives to automate and streamline security processes.
Key Qualifications :
Educational Requirements :
- B. Tech in Engineering (Information Technology/Computer Science or equivalent).
- Additional professional qualifications in Cyber Security and/or a related field (Master's preferred).
Certifications :
One or more of the following certifications :
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
- CompTIA Security+
- GIAC Security Essentials (GSEC)
Experience :
- 10+ years of experience in information security, cyber security, or a related role.
- Proven track record in security operations, compliance, and risk management in a software or IT environment.
- Hands-on experience with security tools, technologies, and methodologies.
Skills and Competencies :
- Expertise in network security, cloud security, and application security.
- Strong understanding of regulatory compliance and security frameworks.
- Excellent problem-solving and analytical skills.
- Exceptional communication skills, with the ability to articulate complex security concepts.
- Ability to manage multiple projects and priorities in a fast-paced environment.
Preferred Attributes :
- Experience in securing cloud environments (AWS, Azure, or Google Cloud).
- Familiarity with DevSecOps practices and tools.
- Knowledge of advanced threat detection techniques and tools.
Why Join Us ?
- Work with a dynamic and innovative team.
- Opportunities for professional growth and development.
- Competitive compensation and benefits.
- Make a tangible impact by shaping the security landscape of our products and services.
- This role is crucial in ensuring the resilience and integrity of our systems, products, and customer data.
- If you are passionate about cyber security and want to make a difference, we encourage you to apply.
Functional Areas: Other