Organizational Context
Aditya Birla Capital Limited (“ABCL”) is a listed systemically important non-deposit taking Non-Banking Financial Company (NBFC) and the holding company of the financial services businesses. ABCL and its subsidiaries/JVs provide a comprehensive suite of financial solutions across Loans, Investments, Insurance, and Payments to serve the diverse needs of customers across their lifecycles. Powered by over 60,000 employees, the businesses of ABCL have a nationwide reach with over 1,623 branches and more than 200,000 agents/channel partners along with several bank partners.
ABCL and its subsidiaries/JVs manage aggregate assets under management of over Rs. 5.11 Lakh Crore with a consolidated lending book of over Rs 1.57 Lakh Crore as of March 31, 2025.
Aditya Birla Capital Limited is a part of the US$66 billion global conglomerate Aditya Birla Group, which is in the league of Fortune 500. Anchored by an extraordinary force of over 187,000 employees belonging to 100 nationalities, the Group is built on a strong foundation of stakeholder value creation. With over seven decades of responsible business practices, the Group’s businesses have grown into global powerhouses in a wide range of sectors - from metals to cement, fashion to financial services and textiles to trading. Today, over 50% of the Group’s revenues flow from overseas operations that span over 40 countries in North and South America, Africa, Asia, and Europe.
Job Context & Major Challenges:
Aditya Birla Capital operates in a highly regulated BFSI environment with multiple lines of business, digital platforms, customer journeys, partner integrations, cloud adoption, SaaS platforms and increasing use of AI/GenAI. This results in large volumes of sensitive and personal data being created, processed, shared and stored across a complex technology ecosystem.
The role must ensure that data security controls are consistently implemented across diverse business environments without slowing down business agility or digital transformation. A key challenge is to establish visibility into sensitive data across endpoints, applications, databases, file shares, collaboration platforms, SaaS solutions, cloud workloads and third-party integrations.
Another challenge is to operationalize DLP and data protection tools effectively by reducing false positives, improving detection accuracy, prioritizing high-risk events and ensuring timely remediation. The role must also help address risks from excessive data access, unmanaged data exports, shadow IT, insecure sharing, uncontrolled copies of production data and weak data handling practices.
The jobholder will be expected to work with multiple stakeholders across business, technology, SOC, application, cloud, privacy and compliance teams. The role requires strong execution capability, technical depth, stakeholder management and the ability to translate data security risks into practical control actions.
Key Result Areas
Supporting Actions
Data Loss Prevention Implementation & Operations: Ensure effective implementation, monitoring and continuous improvement of DLP controls across enterprise channels.
- Implement and maintain DLP policies across email, endpoint, web, removable media, cloud storage, SaaS and collaboration platforms.
- Configure DLP rules for customer data, personal data, financial information, credentials, business confidential data and regulatory-sensitive information.
- Monitor DLP alerts and support investigation, triage, escalation and closure of data leakage incidents.
- Fine-tune DLP policies to reduce false positives and improve detection accuracy.
- Identify repeat offenders, risky departments, high-risk channels and recurring leakage patterns.
- Support integration of DLP alerts with SOC/SIEM workflows.
- Maintain dashboards on DLP incidents, trends, open actions and control effectiveness.
Data Discovery & Sensitive Data Visibility: Improve enterprise visibility into sensitive and confidential data across structured and unstructured environments.
Shared KRA with privacy team:
- Supporting implementation of data discovery tools across databases, file shares, endpoints, cloud workloads, SaaS platforms and collaboration tools.
- Identify locations where personal data, customer data, financial data, authentication data and confidential business data are stored.
- Support creation of sensitive data inventories from a security controls perspective.
- Identify overexposed, stale, duplicate, unmanaged or high-risk sensitive data repositories.
- Work with application, infrastructure, cloud and business teams to validate discovery results.
- Track remediation of high-risk data stores, including excessive access, open shares and unmanaged exports.
- Provide inputs to data owners and privacy teams on discovered sensitive data locations, without owning privacy compliance decisions.
Data Classification & Labelling Controls: Enable classification-led security controls across ABC’s data landscape.
- Support implementation of data classification and labelling tools across documents, emails, files and repositories.
- Configure classification labels for internal, confidential, restricted, customer-sensitive and regulatory-sensitive data categories.
- Enable security controls based on classification, including DLP enforcement, encryption, access restriction and external sharing control.
- Work with business and data owners to drive classification adoption.
- Monitor classification coverage across critical repositories and user groups.
- Identify unclassified or misclassified sensitive information and drive corrective actions.
- Support automation of classification wherever feasible.
Privacy Enhancing Technologies & Data Protection Engineering: Implement technical data protection mechanisms to reduce exposure of sensitive and personal data.
Shared KRA with privacy team:
- Support implementation of masking, tokenization, anonymization, pseudonymization and encryption controls.
- Identify technology use cases where sensitive data exposure can be reduced through PETs.
- Work with application, database, analytics and cloud teams to implement data protection controls.
- Support controls for production data usage in non-production environments.
- Validate whether sensitive data is appropriately protected at rest, in transit and during processing.
- Support secure data usage in analytics, reporting, testing, AI/GenAI and third-party integrations.
- Coordinate with platform and application teams to improve adoption of encryption, key management and secrets protection.
Data Access Monitoring & Risk Reduction: Reduce risk from excessive, inappropriate or unmanaged access to sensitive data.
- Support monitoring of access to sensitive data repositories, databases, file shares, reports and applications.
- Identify excessive privileges, dormant accounts, orphaned access and risky access patterns.
- Work with IAM, application and business teams to enforce least privilege and need-to-know access.
- Support periodic access review exercises for high-risk data repositories.
- Monitor bulk downloads, unusual access activity, large data exports and suspicious data movement.
- Support database activity monitoring and privileged access monitoring for critical data platforms.
- Track remediation of access-related findings and exceptions.
Secure Data Handling Awareness: Improve user behaviour and reduce data leakage through focused awareness and adoption initiatives.
- Develop awareness content on secure handling of customer data, confidential data and sensitive business information.
- Conduct targeted awareness for users involved in repeated DLP violations or high-risk data handling.
- Create short guides on secure email usage, external sharing, cloud storage, removable media, collaboration tools and AI/GenAI data usage.
- Use DLP incident trends to design focused awareness interventions.
- Partner with HR, Corporate Communications, Business and Technology teams to drive awareness adoption.
- Track awareness completion, repeat violations and improvement in user behaviour.
- Promote security-by-design thinking for teams handling sensitive data.
Data Security Metrics, Governance & Reporting: Provide actionable visibility on data security posture, control effectiveness and residual risks.
- Prepare dashboards covering DLP incidents, discovery coverage, classification adoption, PET implementation and access risk findings.
- Track high-risk data security exceptions, overdue remediation items and repeat control failures.
- Report data security trends across business units, applications, channels and data types.
- Maintain security risk registers for data security control gaps.
- Provide inputs for internal governance forums, audits, risk committees and management reviews.
- Support evidence collection for control implementation and operating effectiveness.
- Identify opportunities for automation in data security monitoring and reporting.
Secure Data Sharing, Cloud & Third-Party Data Controls: Ensure appropriate technical controls are in place for data sharing across internal, cloud, SaaS and third-party environments.
- Review security controls for data transfer to vendors, partners, SaaS platforms and cloud environments.
- Validate encryption, access control, logging, monitoring and secure transmission mechanisms for sensitive data sharing.
- Support third-party risk teams with technical assessment inputs for data security controls.
- Identify risks from unmanaged file transfers, public links, open shares, personal storage and unauthorized collaboration platforms.
- Support implementation of controls for external sharing restrictions, expiry-based access and watermarking where applicable.
- Monitor sensitive data movement to cloud and external domains.
- Support remediation of insecure data storage or transfer practices.