Senior Manager - Validation - Information Security Group (ISG)

Date: May 12, 2022

Location: Bangalore, India

Company: Tredence

About Tredence

Tredence is a global analytics services and solutions company. We have been one of the fastest-growing private companies in the country for three straight years according to the Inc. 5000, and we continue to set ourselves apart from our competitors by attracting the greatest talent in the data analytics and data science space. Our capabilities range from Data Visualization and Data Management to Advanced Analytics, Big Data and Machine Learning. Our uniqueness is in building scalable Big Data solutions on on-prem/GCP/Azure cloud in a very cost-effective and easily scalable manner for our clients. We also come in with some strong IP and pre-built analytics solutions in data mining, BI and Big Data.

Job Summary

Role: Senior Manager - Validation - Information Security Group (ISG)

About ISG: Tredence CISO’s office is accountable for Security and Privacy on all aspects of Tredence’s internal and client-facing business. The team in charge of Security, the Information Security Group (ISG), focuses on all elements of Information Security for the organization, working collaboratively with stakeholders from across its business. The team provides internal as well as external stakeholders assurance while confidential data is being handled to meet business objectives. ISG takes care of implementing, maintaining and reporting on Information Security and its posture using a combination of Policies, Procedures, Guidelines and Cyber Security technology controls on an ongoing basis. The team comprises two groups:
1. Cyber Security Governance, Risk and Compliance (GRC), and
2. Cyber Security Technical Operations (TechOps)

Job Location

Bangalore

Roles & Responsibilities

o In this role in Validation (under the TechOps group), you will be accountable for the development, leadership and implementation of the Vulnerability Management Program for the organization, in which you will lead, strategize and drive implementation initiatives such as, but not limited to, Secure Software Development Lifecycle (SSDLC), SecDevOps practices, vulnerability assessments and penetration testing of infrastructure, mobile and applications, as well as reporting and driving closure of vulnerabilities in coordination with relevant stakeholders
o You will keep abreast of the latest events pertaining to the global Cyber Security threat landscape so as to consider critical Cyber Security stack upgrades for the organization on priority, and work closely with Security Engineering to pilot, shortlist and implement the required tools to meet the Cyber Security objectives from a Validation standpoint
o You will review and sign off on all relevant IT and IoT changes and/or exception requests with respect to the organization’s Vulnerability Management posture and manage exceptions to the same where applicable
o You will track and extend / revoke exceptions in a timely manner so as to ensure exceptions are only utilized on a business-need-to-have basis
o You will ensure control coverage and effectiveness in all solution rollouts in a systematic fashion
o You will participate in functional and group-level meetings with stakeholders and provide your subject matter expertise and leadership as deemed fit

Qualification & Experience

Knowledge expectations
o You are a thought leader and come with at least 12 years of Information Security experience handling diverse security domains and teams
o You come with strong knowledge and implementation experience in various areas of vulnerability management such as, but not limited to, tiered application architectures, web applications, APIs, mobile applications, end-to-end application development lifecycle, Secure Software Development Lifecycle (SSDLC), SecDevOps practices, infrastructure, mobile and application vulnerability assessments and penetration testing, Common Vulnerabilities and Exposures (CVEs), OWASP Top 10 vulnerabilities, Application Security Verification Standards, MITRE ATT&CK Framework, SAST, DAST, IAST, Red Team etc.
o You have hands-on experience of various tools such as Qualys, Rapid7, SAST, DAST, IAST capabilities from industry-leading security vendors (e.g. Micro Focus, Checkmarx, Veracode etc.), Black Duck, GitGuardian, Nmap, Nessus, Wireshark, Burp Suite, Metasploit, Kali Linux, John the Ripper, Aircrack etc.
o You have hands-on experience in software languages such as, but not limited to, Python, GoLang, Perl, Shell, PowerShell, .NET, C, C++, Java, JavaScript, SQL Scripting, PHP etc.
o You have a wide array of knowledge and implementation experience in areas such as, but not limited to, the application of Security to Systems, Storage, Compute, Cloud, Networks, Virtualization, Software and OT
o You have obtained experience in applying pragmatic security controls and are well versed with leading Information Security Standards and Frameworks such as, but not limited to, Information Security Management System (ISO 27001), NIST Cyber Security Framework (NIST), NIST 800-53, PCI DSS, HIPAA, SSAE-18 SOC 1 or SOC 2 and SoX controls, having driven various implementation and compliance initiatives related to the same
o You have working knowledge in applying essential security controls in one or more of the following Cloud platforms: Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP)

Required education and certifications
o You are an Engineering graduate or have an equivalent or higher education
o You have acquired one or more of the following certifications: CISSP, CISM, CCSP, ISO 27001 Lead Implementer / Auditor, Azure, AWS and GCP Certifications

Skill expectations and others
o You nurture and inspire the team to achieve continuous learning and growth
o You come with a mix of strong technical, analytical and problem-solving skills
o You have great attention to detail, project management, strong communication, collaboration and influencing skills, including working with executive leadership in organizations
o You are a regular panellist or speaker in Information Security conferences and round tables
o You are part of industry forums that focus on contributing to various topics of Information Security
o You come with a mindset of helping improve the Information Security Program, being able to switch between tactical as well as strategic decisions from time to time
o You are a self-starter, a go-getter and an innovative thinker with a positive attitude

Competencies

Think Impact
Do the right thing
Be Entrepreneurial
Constantly Curious
Pursue Excellence

Why Join Tredence?

There is a reason we are one of the fastest-growing private companies in the country! You will have the opportunity to work with some of the smartest and most fun-loving people in the data analytics space. You will work with the latest technologies and interface directly with the key decision stakeholders at our reputed clients, some of the largest and most innovative global business brands. Our people are our greatest asset and we value every one of them. We are an equal opportunity employer that adheres to its core values and reflects this in day-to-day life. So, please come and see why we’re so successful in one of the most competitive and fastest-growing industries in the world.