ZEISS in India
ZEISS in India is headquartered in Bengaluru and present in the fields of Industrial Quality Solutions, Research Microscopy Solutions, Medical Technology, Vision Care and Sports & Cine Optics.
ZEISS India has 3 production facilities, R&D center, Global IT services and about 40 Sales & Service offices in almost all Tier I and Tier II cities in India. With 2200+ employees and continued investments over 25 years in India, ZEISS’ success story in India is continuing at a rapid pace.
Further information at ZEISS India.
Job title
Cloud Security Lead
Division CARIn
Job Location Bangalore
Reports to Portfolio Manager – QMS & ISMS
Job Purpose
1. The Cloud Security Lead will assist with the development and implementation of processes related to Cloud Security [e.g. Azure] for protecting PHI / PII / PCI data deployed into various cloud, hybrid, and on-premises systems.
2. This position will directly contribute to the overall Definition (as applicable) & Implementation of Global Enterprise-wide Security Cloud Architecture / Processes while working closely with staff members of the project to enhance and develop new designs and security strategies across all types of cloud-based applications (including infrastructure, platform).
3. Deploying, Migration to and Maintaining cloud solutions in accordance with company security policies and best practices in cloud security in closely working with the Cloud Security Engineers of the Projects respectively.
4. The cloud security Lead will implement and review Security by Design to ensure that security is integrated into the design and architecture of systems and applications from the outset. This proactive approach aims to identify potential security risks and vulnerabilities early in the development process, thereby reducing the likelihood of security breaches and ensuring compliance with industry standards and regulations.
5. Conduct Cloud security risk assessments and threat modeling to identify, analyze and resolve potential vulnerabilities in system designs and application security issues in closely working with the Cloud Security Engineers of the Projects respectively.
Duties and Responsibilities
o Conduct Review & Provide input / feedback on security architectures of the Project(s)
o Participate in Product / Project Cyber Security Assessment reviews along with the Project teams
o Design and implement security frameworks and architectures that align with organizational goals and regulatory requirements.
o Develop security models and guidelines for new and existing systems, ensuring they are robust and scalable.
o Conduct risk assessments and threat modeling to identify potential vulnerabilities in system designs.
o Collaborate with stakeholders to prioritize risks and recommend appropriate mitigation strategies.
o Work closely with software development teams to integrate security practices into the software development lifecycle (SDLC).
o Provide guidance on secure coding practices and conduct code reviews to ensure compliance with security standards.
o Establish and maintain security policies, standards, and procedures that govern the design and implementation of systems.
o Ensure that all security measures comply with relevant laws, regulations, and industry standards (e.g., ISO 27001, HIPPA, NIST).
o Stay updated on the latest security threats, trends, and technologies to continually enhance security practices.
o Evaluate and recommend new security technologies and tools that can improve the organization's security posture.
o Monitor the Implementation of the security related practices with respect to cloud security
o Provide guidance to and assists in training less experienced IT Security Specialists and help further develop Cloud Security skills and delivery capabilities
o Provide technical guidance to the infrastructure and systems team to enforce cloud security controls
o Represent Security Platform in development and implementation of the overall global cloud enterprise architecture
o Define & Implement Cloud Security Processes for efficiently managing the Cloud / Hybrid systems as applicable
o Monitor, Review / Approve the implementation of cloud-based programs including Identity and Access Management and cloud security configurations
Authorities
o Authorized to Conduct Review & Provide input / feedback on cloud security architectures of the Project(s)
o Authorized to review and approve technical documents as per enterprise requirements
o Authorized to follow up on document updates and trainings
Qualifications
o College degree or / equivalent and 6-8 years related work experience, required
o 3-4 years’ experience with Cloud platforms such as Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP)
o Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes (secure software development (Application Security), data protection, cryptography, key management, Identity and Access Management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments
o Possess a solid understanding and have experience with systems automation platforms and different technologies
o Working knowledge of common and industry standard cloud-native / cloud-friendly authentication mechanisms (OAuth, OpenID, etc.)
o Experience with service-oriented architecture for cloud-based services
o Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.
o Experience with enterprise applications (architecture, development, support, and troubleshooting)
o Experience and exposure to threat modeling and design reviews to assess security implications and requirements for introduction of new technologies
o Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions
o Experience with enterprise architecture and working as part of a cross-functional team to implement solutions
Other Attributes
o Strong Interpersonal and Communication skills required for partnering with both internal resources and external clients and resources
o The ideal candidate will need to be proficient in security capabilities, particularly in a cloud environment, and wider general security best practice [Where up skilling is required, this will be provided through both peer knowledge share and training]
o The Cloud Security Lead will partner with both staff members of the projects and clients directly to ensure open lines of communication and clear understanding of objectives within each project
Direct Reports
o None
Job title
Cloud Security Lead
Division CARIn
Job Location Bangalore
Reports to Portfolio Manager – QMS & ISMS
Job Purpose
1. The Cloud Security Lead will assist with the development and implementation of processes related to Cloud Security [e.g. Azure] for protecting PHI / PII / PCI data deployed into various cloud, hybrid, and on-premises systems.
2. This position will directly contribute to the overall Definition (as applicable) & Implementation of Global Enterprise-wide Security Cloud Architecture / Processes while working closely with staff members of the project to enhance and develop new designs and security strategies across all types of cloud-based applications (including infrastructure, platform).
3. Deploying, Migration to and Maintaining cloud solutions in accordance with company security policies and best practices in cloud security in closely working with the Cloud Security Engineers of the Projects respectively.
4. The cloud security Lead will implement and review Security by Design to ensure that security is integrated into the design and architecture of systems and applications from the outset. This proactive approach aims to identify potential security risks and vulnerabilities early in the development process, thereby reducing the likelihood of security breaches and ensuring compliance with industry standards and regulations.
5. Conduct Cloud security risk assessments and threat modeling to identify, analyze and resolve potential vulnerabilities in system designs and application security issues in closely working with the Cloud Security Engineers of the Projects respectively.
Duties and Responsibilities
o Conduct Review & Provide input / feedback on security architectures of the Project(s)
o Participate in Product / Project Cyber Security Assessment reviews along with the Project teams
o Design and implement security frameworks and architectures that align with organizational goals and regulatory requirements.
o Develop security models and guidelines for new and existing systems, ensuring they are robust and scalable.
o Conduct risk assessments and threat modeling to identify potential vulnerabilities in system designs.
o Collaborate with stakeholders to prioritize risks and recommend appropriate mitigation strategies.
o Work closely with software development teams to integrate security practices into the software development lifecycle (SDLC).
o Provide guidance on secure coding practices and conduct code reviews to ensure compliance with security standards.
o Establish and maintain security policies, standards, and procedures that govern the design and implementation of systems.
o Ensure that all security measures comply with relevant laws, regulations, and industry standards (e.g., ISO 27001, HIPPA, NIST).
o Stay updated on the latest security threats, trends, and technologies to continually enhance security practices.
o Evaluate and recommend new security technologies and tools that can improve the organization's security posture.
o Monitor the Implementation of the security related practices with respect to cloud security
o Provide guidance to and assists in training less experienced IT Security Specialists and help further develop Cloud Security skills and delivery capabilities
o Provide technical guidance to the infrastructure and systems team to enforce cloud security controls
o Represent Security Platform in development and implementation of the overall global cloud enterprise architecture
o Define & Implement Cloud Security Processes for efficiently managing the Cloud / Hybrid systems as applicable
o Monitor, Review / Approve the implementation of cloud-based programs including Identity and Access Management and cloud security configurations
Authorities
o Authorized to Conduct Review & Provide input / feedback on cloud security architectures of the Project(s)
o Authorized to review and approve technical documents as per enterprise requirements
o Authorized to follow up on document updates and trainings
Qualifications
o College degree or / equivalent and 6-8 years related work experience, required
o 3-4 years’ experience with Cloud platforms such as Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP)
o Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes (secure software development (Application Security), data protection, cryptography, key management, Identity and Access Management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments
o Possess a solid understanding and have experience with systems automation platforms and different technologies
o Working knowledge of common and industry standard cloud-native / cloud-friendly authentication mechanisms (OAuth, OpenID, etc.)
o Experience with service-oriented architecture for cloud-based services
o Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.
o Experience with enterprise applications (architecture, development, support, and troubleshooting)
o Experience and exposure to threat modeling and design reviews to assess security implications and requirements for introduction of new technologies
o Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions
o Experience with enterprise architecture and working as part of a cross-functional team to implement solutions
Other Attributes
o Strong Interpersonal and Communication skills required for partnering with both internal resources and external clients and resources
o The ideal candidate will need to be proficient in security capabilities, particularly in a cloud environment, and wider general security best practice [Where up skilling is required, this will be provided through both peer knowledge share and training]
o The Cloud Security Lead will partner with both staff members of the projects and clients directly to ensure open lines of communication and clear understanding of objectives within each project
Direct Reports
o None
Reviewed by: Ganesh Babu, Sundar <[email protected]>
Reviewed & Approved by: Marzel, Joerg <[email protected]>
Date approved: 2023-08-22
Your ZEISS Recruiting Team:
Saptarshi Chowdhury
