Technology Lead

The Security Advisor is responsible for safeguarding organizational assets, data, and systems by implementing robust security measures, conducting risk assessments, and advising on compliance with security standards. This role involves working closely with delivery teams, risk management, and IT to ensure security is embedded throughout the development lifecycle and operational processes.

• Security Governance & Compliance

  • Ensure adherence to organizational security policies, regulatory requirements, and client-specific security standards.
  • Conduct periodic audits and risk assessments to identify vulnerabilities and recommend mitigation strategies.

• Risk Management

  • Analyze security risks related to applications, infrastructure, and third-party integrations.
  • Develop and maintain Risk Treatment Plans (RTP) for identified vulnerabilities (API/Container), including EOL/EOS software/asset and SSL certificate renewals.

• Incident Management

  • Ensure timely reporting and handling of security incidents, preserving evidence and coordinating with ISG and corporate risk teams.
  • Participate in incident drills and awareness programs to strengthen security culture.

• Advisory & Training

  • Provide guidance on secure coding practices, threat modeling, and compliance frameworks (ISO 27001, PCI DSS, GDPR).
  • Conduct security awareness sessions for teams and stakeholders.

• Dev Sec Ops Enablement

  • Integrate security controls into CI/CD pipelines to enable “security at the speed of DevOps.”
  • Automate security processes such as code scanning (SAST, DAST, SCA), secrets management, and vulnerability remediation.

• Strong knowledge of application security, network security, and cloud security.

• Hands-on experience with:

• Vulnerability Assessment tools (Fortify, Burp Suite).

  • DevOps tools (Azure DevOps, Git, Docker, Kubernetes).
  • Security frameworks and compliance standards (ISO, NIST, PCI DSS).

• Proficiency in scripting (Python, PowerShell, Bash) for automation.

• Excellent problem-solving and stakeholder management skills.

• Preferred Certifications

• CISSP, CISM, or equivalent.

• Dev Sec Ops or Cloud Security certifications

Education: Graduate

Preferred skills: TSG