Security & Compliance Project Manager
Bangalore, IN
IBM
For more than a century, IBM has been a global technology innovator, leading advances in AI, automation and hybrid cloud solutions that help businesses grow. At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, let’s talk.
Your Role and Responsibilities
As a ‘Security & Compliance Project Manager’, you will work alongside experienced professionals towards a common goal of delivering high-quality and secure products to our clients. You will proactively seek improvement opportunities and will focus on innovation that matters by learning new technologies and methods that can positively impact the product roadmap. This role also requires after-hours paging for high-severity events related to all of the team’s secure release requirements.
- You will be part of a strong, agile, and culture-driven development team responsible for building the Supply Chain Product for tomorrow.
- Organization, excellent communication skills, security-related experience (preferred)
- The ‘Security & Compliance Project Manager’ should continuously consider the attack vectors and security weaknesses within their area or product offering and provide solutions to remediate those weaknesses. The person should be able to articulate and communicate the security posture of represented products/services to the leadership team. This overarching responsibility drives the requirement for the person to be proficient in the required skills listed below.
- Well Organized: Ability to work independently across multiple component teams and synthesize data into clear presentations to be shared with all stakeholders.
- Collaborative: Must collaborate with architects, developers, and non-technical stakeholders to drive security solutions.
- Respected: Proven track record in similar roles in industry. You will be expected to establish trust and respect with the development teams.
- Technical: Good grasp of computer science and technical understanding of micro-services architecture, SaaS, Cloud Security and Infrastructure.
- Growth Mindset: The world of security is highly dynamic and IBM is a company that thrives on innovation. Our Security and Compliance professional must possess a growth mindset to keep up with the ever-changing security landscape and seek opportunities to increase their breadth and depth of security topics.
Required Technical and Professional Expertise
- Total experience of 12+ years.
- 5+ years of working experience with software product development (preferably SaaS) organizations.
- 3+ years of working experience in a leadership or PM position, having worked across multiple teams and geographies, preferably in compliance-related roles.
- Domain expertise in cloud software and infrastructure technologies.
- Very good knowledge and understanding of penetration testing methodologies and exploits (web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies).
- Ability to communicate highly technical aspects to executives, IT staff, the CISO team, and auditors.
- Demonstrated experience in successfully driving and executing compliance programs for common IT security standards/regulations: SOC1/2/3, ISO27K, HIPAA, PCI, FBA (formerly FFIEC), FedRAMP, GDPR, etc.
- Experience with and understanding of –
- Access Management – understand the concepts of need to know, least privilege, individual accountability, privilege access monitoring, access revalidation, etc. and ensure your service implements them. Know to avoid the use of shared IDs, excessive privileges, weak passwords, etc.
- Vulnerability Management – be able to regularly scan your systems and remediate any vulnerabilities found within required time frames
- Data Protection – understand the types of data your services deal with and have measures in place to protect that data (e.g. encryption in transit and at rest, locked down file permissions, etc.)
- Configuration Management – understand how to securely harden a system or application upon deployment
- Health Checking – know how to check that a system/application is configured correctly on an ongoing regular basis and remediate any issues within required time frames
- Logging & Monitoring – ensure there is a process in place to store key logs with data integrity in place to protect those logs and have a process in place to independently monitor those logs for any unusual activity
- Change Management – understand and follow the discipline of change management to ensure that changes to systems, applications and environments are properly planned and vetted to avoid disruption to their service
- Business Continuity – understand what business continuity requirements are necessary in your organization and actively participate in ongoing business continuity planning
- Risk Management – understand where there are gaps in compliance or areas of risk that need to be analyzed and addressed either by remediation activities or formal Risk Evaluations to ensure mitigation, executive awareness, and approval
- Audits – be prepared to support audits by providing evidence or being interviewed as required
- Common Attack Patterns – know the common attack vectors facing the industry (e.g. CWE 25 or OWASP Top 10), be able to describe an attack, and give a generic example of the payload
Preferred Technical and Professional Expertise
- Good To Have – Certifications / Credentials – CISSP (preferred), CCNP/CCIE (preferred), CCSP, CISA/CRISC/CISM.
Key Job Details
- Role: Security & Compliance Project Manager
- Location: Bangalore, IN
- Category: Software Engineering
- Employment Type: Full-Time
- Travel Required: No Travel
- Contract Type: Regular
- Company: (0063) IBM India Private Limited
- Req ID: 729871BR
Tags: Agile APIs Audits CCIE CCNP CCSP CISA CISM CISO CISSP Cloud Compliance Computer Science CRISC Encryption Exploits FedRAMP FFIEC GDPR HIPAA IDS ISO 27000 Monitoring OWASP Pentesting Risk management SaaS SOC 1 Vulnerabilities Vulnerability management
Perks/benefits: Career development Startup environment Team events