Job Title
IT Security Project SME
Job Grade
(refer to JE) G9A/G9B
Function
Cyber Security
Sub-function
IT Security Projects
Manager’s Job Label
IT Security Engineering
Skip Level Manager’s Label
CISO
Function Head Title
CISO
Location:
Mumbai
No. of Direct Reports (if any)
NA
Business Unit
IT
Job Summary
At Sun Pharma, we commit to helping you “Create your own sunshine” by fostering an environment where you grow at every step, take charge of your journey and thrive in a supportive community.
Are You Ready to Create Your Own Sunshine?
As you enter the Sun Pharma world, you’ll find yourself becoming ‘Better every day’ through continuous progress. Exhibit self-drive as you ‘Take charge’ and lead with confidence. Additionally, demonstrate a collaborative spirit, knowing that we ‘Thrive together’ and support each other’s journeys.
Areas Of Responsibility
The IT Security Project Subject Matter Expert (SME) is the definitive technical authority assigned to high-priority security projects. This role ensures the technical design, implementation, and quality of security solutions align with organizational standards, security architecture principles, and regulatory requirements. The SME manages the project timeline and is accountable for the technical integrity and success of the security outcome.
Technical Authority & Guidance
- Expert Consultation: Serve as the "go-to" expert for one or more core security domains (e.g., Identity and Access Management (IAM), Cloud Security, Data Loss Prevention (DLP), or Security Information and Event Management (SIEM)).
- Architectural Review: Provide critical technical review and sign-off on security project architecture designs, ensuring solutions are robust, scalable, and adhere to the enterprise security framework (e.g., NIST, ISO 27001).
- Technical Decision-Making: Evaluate and recommend security tools, technologies, and vendor solutions, providing unbiased, factual advice to management and business stakeholders.
- Complex Problem Solving: Lead the technical troubleshooting and resolution of complex security challenges encountered during project implementation and post-deployment stabilization.
Project Support & Quality Assurance
- Requirements Translation: Work directly with business and compliance teams to translate complex business needs and regulatory requirements into detailed, actionable technical security requirements for the engineering team.
- Validation & UAT Support: Design and approve the test cases and methodologies for User Acceptance Testing (UAT) and technical validation, ensuring the implemented security controls function as intended.
- Documentation: Create, review, and approve high-quality technical documentation, including configuration guides, standard operating procedures (SOPs), and runbooks for the operational support team.
- Security-as-Code Integration: Guide DevOps and engineering teams on integrating security best practices and automated testing into the CI/CD pipeline for the project deliverables (DevSecOps).
Training & Knowledge Transfer
- Mentorship: Act as a mentor and coach for junior security engineers and analysts on the project team, raising the overall technical competency of the group.
- Knowledge Transfer: Conduct detailed technical workshops and training sessions to transfer project knowledge and support materials to the IT Operations and Security Operations Center (SOC) teams prior to project closure.
Travel Estimate
5%
Job Scope
Internal Interactions (within the organization)
Cyber Security Team, IT Infrastructure Team, Cloud Infrastructure Team, DevOps Team, Applications Team, Business Stakeholders
External Interactions (outside the organization)
Vendor Management, OEMs, Security Service Providers, Cloud Security Service Providers
Geographical Scope
Global
Financial Accountability (cost/revenue with exclusive authority)
NA
Job Requirements
Educational Qualification
Bachelor’s degree in a technical field (Computer Science, Engineering, Computer Application, Information Security), BSc IT. Master’s is preferred.
Specific Certification
Required Certifications (Specialized): Certifications relevant to the domain of expertise (e.g., SANS GIAC certifications, AWS Advanced Networking/Security, Microsoft Expert certifications, Security OEMs related certifications).
Strongly Preferred Certifications (Foundational): CISSP, CISM, or other advanced foundational security accreditations.
Experience
8+ years of experience in Information Security, with 3+ years specifically focused on security architecture design, implementation and operations.
Skill (Functional & Behavioural)
- Proven track record and experience in Information Security Engineering, Architecture, or Operations.
- Deep, hands-on, expert-level knowledge in a specialized security domain (Data Protection, Micro Segmentation, Network Security, Endpoint Security, Application Security, Cloud Security, NGFW, WAF, IAM, PAM, CIAM, CSPM, DSPM, CASB, ZTNA, MFA, EDR, ITDR, SIEM, SOAR, UEBA, etc.).
- Expertise in security standards, frameworks, and best practices (e.g., NIST CSF, CIS Controls, ISO 27001).
- Strong experience with technical scripting or automation relevant to the security domain (e.g., Python, Terraform, PowerShell).
- Proven ability to work in a project-driven environment and manage technical deliverables without direct personnel management authority.
- Excellent written and verbal communication skills, with the ability to articulate highly technical concepts to both technical and non-technical audiences.
- Strong analytical and critical thinking skills, capable of dissecting complex security problems into manageable, solvable components.
Your Success Matters to Us
At Sun Pharma, your success and well-being are our top priorities! We provide robust benefits and opportunities to foster personal and professional growth. Join us at Sun Pharma, where every day is an opportunity to grow, collaborate, and make a lasting impact. Let’s create a brighter future together!
Disclaimer:
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees as assigned to this job. Nothing herein shall preclude the employer from changing these duties from time to time and assigning comparable duties or other duties commensurate with the experience and background of the incumbent(s).