Security Architect

Platform Development [INDIA]Information Technology Bangalore, Karnataka


Description

MetricStream is the world’s No. 1 independent GRC SaaS platform simplifying Governance, Risk, and Compliance (GRC) for modern and digital enterprises, and empowering enterprises and organizations worldwide to perform with integrity. Our market-leading enterprise and cloud Apps for GRC enable organizations to strengthen risk management, regulatory compliance, vendor governance, and quality management while driving business performance.

Security Architect

Attract, mentor and lead a global team of DevOps engineers and architects who have built a market-leading GRC and IRM product portfolio deployed at Global, Enterprise, and Mid-Market customers in the Americas, EMEA, and APAC. You will drive technical and strategic vision by clearly articulating ideas and direction to all stakeholders and strive to continuously improve the process of software delivery from estimation to deployment.

Key Responsibilities

  • Support the secure development of MetricStream products by working with multiple product groups in an agile setup
  • Keep yourself up to date on the security aspects of the products, including infrastructure security, application security and cloud security
  • Work with the development teams to conduct threat modelling to the product features and provide necessary security requirements to build a secure product
  • Conduct research on new technologies, security controls, security capabilities
  • Work closely with the Penetration testing teams, providing testing scope and guidance, reviewing test results and communicating results and recommendations to R&D
  • Provide security training sessions and conduct research on relevant security topics
  • Work with the product management, implementation teams to respond to customer security related issues
  • Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit    
  • Producing Architecture artifact as per the reference architecture model followed by the organization like TOGAF, Agile, SABSA etc
  • Provide and review security implementation guidelines to map to enterprise wide security policies and standards

Skills and Experience

  • A minimum of 10 years of experience as a software developer, followed by at least 2-3 years of experience as a systems/security architect
  • Experienced in Implementation, configuration and troubleshooting of various security products/Technologies
  • Experienced in security domains 1) Identity & access management 2) Threat, Vulnerability & Risk management 3) Infrastructure security 4) Security Analytics (Cyber defense) and Cloud and digital security
  • Experience in Designing and implementation of solutions based on SDLC and Agile framework
    incorporating Industry and compliance framework of NIST, ITIL, COBIT, COSO, PCI-DSS, OWASP, NVD, SANS SOX, PCI, MAS, APRA, FATCA, HKMA, ISO27001 etc
  • Strong/enabler Leadership and mentoring, Communication, Presentation and Documentation skills and good project management skills

Education

  • Bachelor’s in Computer Science/Engineering. (Master’s preferred) Two or more technical certifications