Job
Description
Role & responsibilities Responsibilities: We are seeking a cloud security expert for Cloud Security and Risk Officer (CSRO) role who can contribute towards the strategic direction of public cloud native services usage and security, processes, tools, and risk management. Individual must have a hands-on experience with Azure Native Services such as VNET, VPC, Express Route, Direct Connect, VM, EC2, Storage Accounts, S3 etc. Profile Required: Experience: 5 to 10 yrs Skills Required Strong understanding of cloud technologies and platforms: Azure[PRIMARY REQUIREMENT] AND AWS or both(preferred). Strong understanding of cloud technologies and platforms: Azure security(Primary requirement) and/or AWS; if both(preferred). Understanding and hands-on experience of cloud native service such as Microsoft Entra ID,Defender for Cloud,Azure Key Vault,Azure Monitor, Azure DevSecops and Azure Networking etc. Should have conducted cloud security assessments and configuration reviews as per industry best practices. Should have understanding of Azure conditional access policies. Familiarity with industry-leading standards and frameworks such as ISO 27001, NIST, CSA CCM, CIS benchmarks to help clients adhere to compliance requirements. Knowledge and experience of Risk Management Lifecycle (Risk Identification, Risk Assessment, Risk Response, & Reporting) Work with architects, administrators, and developers to plan and validate cloud services to meet security and compliance requirements Conduct security risk analysis and implement cloud security solutions to meet stakeholder needs. Experience with Cloud Security Solution such CNAPP, CWP, CSPM solutions. Knowledge and experience in defining cloud security policies and frameworks for organizations. Effective written and communication skills. Strong sense of ownership, urgency, and drive. Should have the ability to work independently. Demonstrate teamwork and collaborate with other teams to ensure clients cloud environment is secure. Key Responsibilities Optimize and enhance the existing cloud security risk evaluation model. Engage in cloud security architecture discussion with different capabilities and BU. Update and document security controls as part of the public cloud expertise team. Assess AWS and Azure native services for risk and suggest controls to mitigate the risk. Present the risk assessment to various BUs in community forum for suggestions and recommendations. Recommend changes to existing policies and procedures based on emerging threats or vulnerabilities. Build and enforce a hardening checklist that incorporates industry best practices for public cloud security. Provide design-time review and guidance to teams involved in building and deploying solutions on public, private, or hybrid cloud environments, emphasizing security by design principles. Validate and communicate the hardening of services, assessing the maturity of applications, services, and infrastructure against the defined security framework. Support the development team on bugs reported by consumer of the cloud services. Engaged with different Business Units to understand the different use cases on how the CSP Services shall be consumed. Monitor operations and propose functional improvements within the scope of security framework and risk analysis. Collect evidence and perform technical and functional acceptance tests for "infrastructure and service hardening" projects. Holistic experience and view on Cloud Management and Governance. Contributing to security architecture interventions in business specific process for acquiring and developing new technology Contributing to the development and reporting of metrics for the Secure Design team, within the broader Security Architecture function Certification (good to have) : Azure Solution Architect or Azure Security Engineer Associate. AWS Solutions Architect – Associate; AWS Solution Architect – Professional; Specific Context Strong understanding of cloud technologies and platforms: Azure security(Primary requirement) and/or AWS; if both(preferred). Understanding and hands-on experience of cloud native service such as Microsoft Entra ID,Defender for Cloud,Azure Key Vault,Azure Monitor, Azure DevSECops and Azure Networking etc. Should have conducted cloud security assessments and configuration reviews as per industry best practices. Should have understanding of Azure conditional access policies. Familiarity with industry-leading standards and frameworks such as ISO 27001, NIST, CSA CCM, CIS benchmarks to help clients adhere to compliance requirements. Knowledge and experience of Risk Management Lifecycle (Risk Identification, Risk Assessment, Risk Response, & Reporting) Work with architects, administrators, and developers to plan and validate cloud services to meet security and compliance requirements Conduct security risk analysis and implement cloud security solutions to meet stakeholder needs. Environment At Socit Gnrale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating and taking action are part of our DNA. If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us! Still hesitating? You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices and sharing their skills with charities. There are many ways to get involved. We are committed to support accelerating our Group’s ESG strategy by implementing ESG principles in all our activities and policies. They are translated in our business activity (ESG assessment, reporting, project management or IT activities), our work environment and in our responsible practices for environment protection. Preferred candidate profile Perks and benefits
