Senior Architect, Information Security - Cloud Security Lead
Celestica
Chennai, Tamil Nadu, India
Summary: The Senior Architect, Information Security - Cloud Security Lead will identify and own IT Security initiatives and projects. They work closely with Stakeholders to understand the business (security initiatives and compliance) security requirements and risks and work with IT team to implement. They also ensure IT projects/initiatives are part of Security strategy and within IT roadmap. Detailed Description: Performs tasks such as, but not limited to, the following: Establish and maintain interactive collaboration with IT Security team and Stakeholders and process owners to proactively assess risks Perform Security assessment, evaluate security controls of cloud platforms and cloud deployment Implement and manage security controls protecting the cloud systems and build capabilities against future threats Document Cloud Security Reference Architectures and roadmaps which provide guidance for Security engineering teams Leads the engagements with Stakeholder and IT Security initiatives and projects (including security governance and compliance) Liaise with the enterprise architecture team to ensure alignment between the security initiatives and projects and security architecture Provides consultancy and guidance in all aspects of cloud security Oversee the deployment and maintenance of IT Security solutions and compliance Evaluate general and specific training needs; deliver training to support the control environment & associated control framework; communicate governance & compliance objectives, fostering a compliance & risk aware culture Liaise with Security operation teams on cloud incident resolution, change management, and problem management Knowledge/Skills/Competencies: Strong background in security architecture, security design and defining security frameworks for the enterprise Experience in designing practical security solutions for multi-cloud based platforms, including identity and access management, data protection, cloud platform security and cyber controls Hands-on experience in Cloud (Microsoft Azure/GCP/AWS ) security architecture, security engineering, or equivalent experience with vendor specific cloud certification. Experience of managing Microsoft Azure, AWS Cloud platforms, GCP would be advantageous Experience in Dev-ops practice and tooling, application security threat modelling & data security. Experience in Terraform, Ansible, Azure Blueprints, ARM Templates and Azure policy or equivalent Advanced knowledge of Active Directory, Single-Sign On (SSO), and Federated Identities. Knowledge of IT Penetration Testing Knowledge in IT Risk Management and IT Sox Compliance Knowledge of IT Security Architecture Knowledge of IT Compliance Standards and best practices, IT Security Best Practices and IT Governance and Audit Procedures Knowledge of common information security frameworks and IT controls frameworks, such as ISO/IEC 27001, ITIL, COBIT, NIST Cybersecurity, CIS Controls Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard. Knowledge of global requirements Excellent communication and business writing skills with experience in defining business requirements; ability to communicate security and risk-related concepts to technical and nontechnical audiences Excellent problem resolution and creative problem solving skills Strong customer management skills; ability to clearly articulate the role that IT can play in enhancing customer activities Knowledge of Celestica’s technology, business and IT strategies