Job
Description
Principal Duties and ResponsibilitiesWe are focused on helping our valued clients to design and implement large scale transformational programs to manage cyber threats. We enable our clients to define their overall cyber strategy by designing global and pan-enterprise programs that focus on reducing threats, evaluate their priorities, strengths and weaknesses and roll out large scale changes to achieve goals. If dynamic and fast-paced environments, cross-capability exposure, freedom to work and the ability to have a real impact on a rapidly growing team appeals to you, then that is what we are looking for. Youll join an ambitious team of highly motivated security specialists who interface with CIOs, CTOs, CISOs and CFOs in addressing their complex requirements on a day-to-day basis.We are looking for a Data Security expert, with a great eye for risk reduction and continual improvement opportunities. Following are some of the responsibilities that you will handle: Advise clients in understanding the problems and challenges in data security and work collaboratively with them to enhance capabilities Gather requirements, develop use cases, evaluate vendor solutions, develop architecture & design, and test data protection and data security solutions Design people, process and technology solutions to reduce the potential of data compromise Qualifications Bachelors Degree in Engineering MBA Degree from Tier 1 College 6+ years of experience in multiple domains with expertise in Data Security Excellent analytical skills; able to breakdown complex problems, multi-faceted problems with actionable steps Exposure to Cloud and On-prem security requirements ExperienceExposure and knowledge in at least 3 of the following Data Security domains: Data Security Assessment: Develop the Data Security framework, perform the assessment and generate roadmap Data Discovery, Classification, Handling and Inventory: Design Data classification and inventory programs including the use of data discovery tools Define and maintain data classification and labeling policies based on business and regulatory requirements Collaborate with business units to understand data protection needs and ensure the appropriate protection and handling of sensitive data Develop data retention and disposition policies to ensure compliance with retention requirements and relevant regulations. Design Data Classification Schema Information Rights Management (IRM) Design the information rights management use cases Develop the information rights management schema Evaluate the tools available in the market for IRM Design the strategy to implement IRM Develop the user supporting documents to implement IRM Data Obfuscation Design and develop encryption strategy and use cases for the databases, applications, servers, etc. Design PKI, Certificate Management and Key management strategy Map industry best practices around encryption tools like Keyfactor/Hashi Data Loss Prevention Design and develop use cases for DLP across endpoints, network, cloud, etc. Design the DLP rulesets based on the identified use cases Provide a comparative analysis of the DLP solutions and fitment report Identify the ways of circumventing existing DLP controls Develop high-level and low-level design documents Database Activity Monitoring Design the Database Activity Monitoring use cases Evaluate the landscape to ensure coverage for type of databases like Oracle, MySQL, applications, etc. Evaluate the CSPs native solutions and opportunities of integrating with SIEM/PAM etc. Cloud Access Security Broker (CASB) Develop use cases for CASB Evaluate the native CSPs control and develop a comparative analysis Design the several implementation modes of CASB based on the use cases Evaluate integration of CASB with other upstream and downstream solutions Qualifications Key Competencies and Skills Good understanding of Microsoft Purview or similar data governance and protection tools like Varonis, Symantec, ForcePoint, Trellix, IBM Guardium, Boldon James, Titus, etc. Relevant certifications such as Microsoft Certified:Information Protection Administrator or similar credentials would be beneficial CISSP, CISM or related certifications preferred Strong oral and written communication skills Good understanding of information security frameworks like NIST, ISO27K, PCI DSS, CCPA, GDPR, HIPAA, etc. Strong interpersonal and leadership skills Demonstrated ability to analyze and resolve problems Demonstrated ability to lead programs / projects Strong documentation and planning skills. Established project management skills Ability to analyze and interpret data protection metrics and reports to identify trends and potential issues Additional Information Experience in geographies like North America, EU, UK, Japan and Middle East will be good to have.
