Job Title:  RA- Cyber-AM-Cloud Compliance

Job requisition ID:  4142
Date:  Nov 5, 2021
Location:  Delhi
Designation:  Assistant Manager
Entity:  Deloitte Touche Tohmatsu India LLP

What is the role?

We are seeking a Security Program Manager for Global Cloud Compliance at Cisco in Security & Trust Organisation to enable our Security Organization to be a trusted partner so that we can operate at scale within a secure and safe environment. The Security Program Manager collaborates with cross-functional teams to deliver security best practices throughout the program and product life cycles.


As a Security Program Manager, you will work closely with the security engineers and analysts, program managers, business stakeholders, GRC and different teams across the organization to turn security challenges into well-defined roadmaps and drive engineering efforts to build security systems and processes to protect Cisco. You will focus on multiple security programs, bringing project and program management expertise to the management of information security programs, and strengthen information security as a strategic partner to all other parts of our businesses.



Key Responsibilities 

  • Coordinate across the Organization (Engineering, Product, Operations, Risk, Legal, and Compliance) teams to align with strategic vision and roadmaps.
  • Responsible for managing multiple Security programs using agile best practices. This includes planning, scoping, coordinating with cross-functional teams, reporting, communicating to the project team and key stakeholders, and creating the appropriate program documents.
  • Manage and coordinate red team, blue team, and purple team activities.
  • Manage and scale security engineering programs by defining expectations, timelines, milestones, success KPIs, and drive accountability across stakeholder teams to ensure security objectives are met.
  • Coordinate with the GRC team on Information Security risk management activities, including information security risk assessment, vendor reviews, and remediation of identified gaps and issues.
  • Monitor and coordinate dependencies across projects in the program and resolve conflicts.
  • Partner with the information security team to lead projects, mitigate risks, remove roadblocks, and report project status.
  • Lead security initiatives and serve as the main POC and escalation point for the program in relation to process or project-related functions and operational support.
  • Provide insight and recommendations regarding gaps, efficiency, and quality improvements related to security processes.
  • Manage security training and awareness programs and assist with building a culture of security awareness across the organization.
  • Responsible for vendor management, including assisting with third-party penetration assessments and ensuring that findings are appropriately prioritized and resolved.
  • Develop and maintain security policies and compliance content, including security documentation and security FAQs.
  • Establish metrics and regular reporting mechanisms for measuring compliance and security posture, and provide analysis to senior management.




Who we need?

  • 5+ years of work experience in information security and technical program/project management, or operating in similar capacities of leading security programs.
  • Bachelor's Degree in a relevant technical field (e.g. Computer Science) or equivalent practical experience.
  • Experience with information security in one or more of the following: application security, vulnerability management, penetration testing, risk analysis, cloud environments (AWS/GCP/Azure) and security reviews.
  • Familiar with best practices, effective security metrics, and cybersecurity/compliance frameworks including the NIST 800-37, NIST CSF, ISO 27001/22301/27017/27018/27701, PCI DSS, SOC 2, FedRAMP set of publications.
  • Industry certifications in security, technology, and/or project management are a plus (e.g., CISSP, SANS, CISM, OSCP, or other industry certification).
  • Direct experience with and knowledge of common security vulnerabilities (OWASP Top 10), application security and software development. Must be familiar with the principles of SDLC.
  • Experience driving projects end-to-end independently, including evaluating, defining, and improving end-to-end processes.
  • Excellent organization skills, acute attention to detail, and an ability to handle multiple tasks in an ever-changing environment.
  • Experience supporting vendor management programs and internal and external control assessments by auditors, clients, business partners, and other stakeholders.
  • Excellent interpersonal skills; ability to articulate verbally and in writing, taking ownership and driving results.
  • Ability to effectively collaborate with multi-functional, cross-organization teams to negotiate and construct project plans, coordinate on commitments and deliverables, and resolve blocking issues.




Who will excel?

The ideal candidate will be comfortable in a fast-paced, multi-tasked, high-energy environment. They will be a creative and analytical problem solver with a passion for delivering results.