Location: Bangalore Role Brief Responsible for protecting the organization’s technology ecosystem through security architecture reviews, risk assessments, and governance. Covers infrastructure, cloud, SaaS, and AI security with focus on the “Protect” function of NIST. Defines and enforces security standards, performs threat modelling, governs KPIs, and ensures secure design and operations across technology initiatives Key Responsibilities: Security Architecture & Risk Reviews • Conduct comprehensive security architecture reviews for infrastructure, applications, and emerging technology initiatives. • Perform cloud security reviews across public, private, and hybrid deployments. • Assess SaaS service risks before onboarding or integration, including vendor security due diligence. • Evaluate technology changes and exception requests for security impact and compliance. Technology Security Governance & Standards • Develop, maintain, and enforce security standards, guidelines, and patterns for technology platforms, applications, cloud, and AI. • Govern security-related KPIs and KRIs; track, report, and drive remediation of gaps. • Ensure compliance with applicable regulations and standards. Threat Modelling & Risk Assessment • Perform threat modelling for new technology solutions, products, and AI/ML systems. • Identify, assess, and document risks; recommend mitigation measures aligned to business needs. • Partner with architecture and engineering teams to embed security by design. Audit & Compliance • Conduct technical security audits of infrastructure, applications, and cloud workloads. • Review security configurations, baselines, and deployment practices to ensure adherence to policy. • Support internal and external audits with evidence, remediation plans, and technical clarifications. AI & Emerging Technology Security • Perform AI security reviews, ensuring compliance with responsible AI and trustworthy AI principles. • Identify AI-specific risks such as model poisoning, data leakage, and bias, and recommend mitigations. Candidates Must Have: Experience: • Around 12-15 years of Cyber security related experience Technical Expertise • Strong experience in security architecture, cloud security (AWS, Azure, GCP), and SaaS risk assessments. • Solid understanding of infrastructure security, application security, and secure design principles. • Experience in threat modelling methodologies • Knowledge of AI security and relevant governance frameworks (e.g., ISO/IEC 42001, NIST AI RMF). • Proven ability to define security standards, guidelines, and technical controls. • Experience in KPI/KRI governance, reporting, and continuous improvement in security programs. • Skilled in conducting change and exception reviews with balanced risk–business alignment. Soft Skills • Strong analytical and problem-solving skills with a risk-based decision-making approach. • Effective communication skills • Ability to influence and drive security culture Certifications • CISSP, CCSP, SABSA, AWS/Azure Security Specialty, or equivalent. • Cloud security certifications (e.g., CCSK, CCSP). • AI governance/security certifications (optional but advantageous).
