Consultant - Security Architecture and Engineering (SecArch)

About TredenceTredence is a data science and AI engineering company focused on solving the last-mile problem in analytics. We define 'last mile' as the gap between insight creation and value realization. Tredence is now 1,500+ employees strong with offices in Foster City, Chicago, London, Toronto, and Bangalore, serving 30+ Fortune 500 companies in retail, CPG, hi-tech, telecom, travel, and industrials as clients.About ISG: Tredence CISO's office is accountable for Security and Privacy on all aspects of Tredence's internal and Client facing business. The team in charge of Security - the Information Security Group (ISG) - focusses on all elements of Information Security for the organization working collaboratively with stakeholders from across its business. The team provides internal as well as external stakeholders assurance while confidential data is being handled to meet business objectives. ISG takes care of implementing, maintaining and reporting of Information Security and its posture using a combination of Policies, Procedures, Guidelines and Cyber Security technology controls on an ongoing basis. The team comprises of two Groups, 1. Cyber Security Governance, Risk and Compliance (GRC) and, 2. Cyber Security Technical Operations (TechOps) Responsibilities: In this role in SecArch (under the TechOps group), you will partake in strategizing and handling of initiatives related to building and keeping up-to-date all relevant Technical Security Standards (e.g.: Hardening Standards, Encryption Standards etc.) as well as build and maintain the Security Architecture artifacts (e.g.: Framework etc.), and help evolve the Security Architecture and Cyber Security maturity of the Organizationo You will review and sign-off on all relevant IT and IoT changes which can influence the Security Architecture as well as manage exceptions to the sameo You will track and extend / revoke exceptions in a timely manner so as to ensure exceptions are only utilized on a business-need-to-have basiso You will handle supplier technical security due diligence of the products and/or services so as to ensure the assessee has apt set of technical controls as desired - with respect to Confidentiality, Integrity and Availability - before being contracted for work / use with the organization; and similarly in M&A initiatives as and when applicableo You will maintain a constant view of the current security state in the organization so as to ensure adequacy and coverage of technical security controls in the organizationo You will handle initiatives pertaining to systematic detection and mitigation of technical control gaps across the organization on an ongoing basiso From a Security Engineering standpoint, you will partake in the development and implementation of the Security Engineering program in which various implementations of Cyber Security technologies will be undertaken to help protect the organization from Cyber Threats from time to timeo You will work with Security Vendors from initial expectation conversations, RFPs, functional requirements, proof of concepts (POCs) and vendor short listing, UAT, production rollouts, product or platform upgrades as well as ongoing maintenance as requiredo You will keep abreast with the latest events pertaining to the Global Cyber Security Threat landscape so as to consider critical Cyber Security stack upgrades for the organization on priorityo You will ensure control coverage and effectiveness in all solution rollouts in a systematic fashiono You will work closely with Security Architecture team and other relevant stakeholders to obtain a clear understanding of the current Cyber Security posture of the organization and control gaps to help derive the required Security Engineering Strategy and implementation of the sameo You will assist the team in handling Cyber Security budgets for the CISO Office through its entire lifecycle from budget proposals, approvals and periodic tracking and reportingKnowledge expectationso You come with up to 5 years of hands-on working experience in Information Securityo You have good knowledge of various latest Cyber Security technology controls (e.g.: SASE, CASB, anti-APT, EDR, XDR, SIEM, SOAR, UEBA, Threat Hunting, WAF, Firewalls, anti-DDoS, PIM-PAM, Attack Surface Monitoring (ASM) technologies etc.), Enterprise Security Architecture, Cyber Resilience, Cloud Security Strategy and roadmap, and Security Standards not withstanding its applicability on-prem, on-cloud, mobile or on IoT infrastructure paradigmsYou have basic knowledge in various topics in the following areas, such as but not limited to application of Security to Systems, Storage, Compute, Cloud, Networks, Virtualization, Software and OTo You have a fundamental knowledge of applying essential security controls in one or more of the following Cloud platforms - Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP)o You have a basic understanding of various Security Standards and Frameworks such as, but not limited to, Information Security Management System (ISO 27001), Business Continuity Management System (ISO 22301), NIST Cyber Security Framework (NIST), NIST 800-53, PCI DSS, HIPAA, SSAE-18 SOC 1 or SOC 2 and SoX controlsRequired education and certificationsYou are an Engineering graduate, have an equivalent or higher educationo You have acquired one or more of the following certifications - CISSP, CISM, CCSP, ISO 27001 Lead Implementer / Auditor, Azure, AWS and GCP CertificationsSkill expectations and otherso You have great attention to detail, strong communication and collaboration skillso You come with a mix of technical, analytical and problem-solving skillso You come with a mindset of helping improve the Information Security Program at all timeso You are an avid learner which you continuously look at imbibing and applying on the jobo You are a self-starter, a go getter and an innovative thinker with a positive attitud PRB