The senior manager should have 14+ years of experience and will be responsible for managing the security assurance process by developing, implementing and sustaining the security assurance program covering technology (systems, application and network) and its related processes. The candidate should have good experience in technology and in different security frameworks and standards. The position requires exposure to vulnerability management and hands-on experience with different security testing methodologies and tools. You will bring cutting-edge approaches to solving business problems, creating architecture and designing security solutions. This involves working with developers, designers, business analysts, and product managers.
The individual should have expertise in security risk analysis, cloud architecture, threat modeling, and policy writing, and be familiar with regulatory standards such as SDLC, NIST, ISO 27001 / 27002, and PCI-DSS.
Responsibilities and Scope:
- Work collaboratively with engineering, architecture, development, product, and IT teams and guide them to follow the security gates set by the Myntra security process
- Define the security assurance schedule and corresponding metrics and key risk indicators for the security assurance program
- Align and integrate security assurance and engineering strategy for the engagement with the business goals
- Monitor and evaluate the security assurance program to protect against anticipated security threats or hazards to the security or integrity of sensitive information for different LoBs
- Establish, communicate, and maintain a charter and plan for the security assurance function for the engagement. Provide consolidated security risk dashboard metrics to management and business unit leaders
- Evaluate systems, application and network security processes and technology as they relate to risk management, threat modeling, security testing, compliance, penetration testing, and security tooling
- Liaise with engineering, architecture, and tech teams to address internal and external security remediation requests related to different layers of the technology
- Evangelize security with tech staff to ensure application, system, and network security policies are managed in compliance with the control standards and policies, and that they are up to date and consistently followed
- Manage security threat modeling process and coordinate application threat models against the Myntra applications, systems, and network
- Liaise with various internal teams (Engineering, Application Development, Architecture, Procurement Services, Corp IT) on security initiatives and automation efforts. Manage new projects and initiatives related to security engineering as the need arises
- Coordinate with stakeholders to track internal and external assessment and compliance related to internal security processes and regulatory requirements
- Conduct presentations on security assurance metrics to respective leadership and management and provide regular status updates on all assigned tasks and deliverables
- Ensure security issues are logged and tracked, and follow up on all reported vulnerabilities (internal / external). Work with stakeholders to mitigate risks by following established procedures, and continuously monitor application security controls
- Create clear career paths for team members and help them grow with regular & deep mentoring. Perform regular performance evaluation and share and seek feedback
- Deep understanding of technologies and architecture in a highly scalable and available set-up.
- Deep understanding & expertise with highly transactional, large relational, and complex systems
- 5+ years of experience in information assurance.
- Broad understanding of network and system security technology and practices across major computing areas.
- Proficiency in providing security advisories, solutions, or mitigation approaches for inherent risks
- Experience in understanding and deploying risk management frameworks
- Experience with working on global teams across time zones, cultures, and languages.
- Excellent written and verbal communication and organizational skills.
- Strong team player who collaborates well with others to solve problems and actively incorporates input from various sources
- Good understanding of Software Development Life Cycle methodologies such as Waterfall, Agile, and CI/CD, and exposure to application security vulnerabilities (OWASP Top 10), security testing methodologies, and related tools such as Fortify, WebInspect, and BurpSuite
- Security certifications desired, such as CISA, CISSP, CISM, CRISC, etc.
- Good knowledge of and familiarity with operating system administration (Windows & Linux)
Nice to Have:
- Able to establish credibility with smart engineers quickly, and provide longer-term vision and motivation.
- Great people skills to work closely with other teams. Product Management, Business Development, and Operations all need your expertise to ensure superior solutions match our scale of operations.
- Very high technical competence, strong technical background with a track record of individual technical accomplishments – Ability to play the role of the architect for the team