Work LocationSaint-Gobain - Sriperumbudur / Teynampet, Chennai, Tamil Nadu, IndiaRoles and ResponsibilitiesResponsible for ensuring compliance of India Regional business applications to Saint-GobainGroup Cybersecurity Rules, Standards and Policies, thereby delivering secure and robustapplication performance to businesses.Work closely with Regional Business Application owners, development teams, InformationTechnology Services (ITS) teams, service providers etc. to ensure application cybersecurityrequirements are built-in right from the project initiation phase.Work with application owners to evaluate Confidentiality, Integrity, Availability requirementsand perform risk analysis at all stages of SDLC, using Saint-Gobain tools and platforms. Defineand implement action plans for risk mitigation and ensuring compliance to cybersecurity rules.Perform applicative flow validations as per SG rules. Manage exception / whitelisting requestsas per central guidelines.Liaise with Group central services for periodic Vulnerability Assessment / Pen Tests, and workwith application owners to define mitigation actions and follow-up action plans.Ensure all Cybersecurity incidents are resolved within mandated timeframe.Communicate Central Cybersoc advisories with relevant stake holders; define compliance actionplan and follow-up.As part of cybersecurity resilience, in collaboration with IT services and application owners,ensure robust disaster recovery plans and setup is in place for business critical applications.Liaise with central cybersecurity teams to plan and implement global cybersecurity projects andinitiatives, within India perimeter.Participate in global security expert teams to collaborate on cybersecurity topics.As part of Cybersecurity governance, conduct structured review meetings with applicationowners to review and progress Cybersecurity action plans. Provide monthly updates to businessCIOs and CDIO on key topics and Cybersecurity posture of applications.Conduct regular knowledge sharing sessions with application development community on thecentral projects, common vulnerabilities, learnings etc.Conduct regular training sessions to end users to improve cybersecurity response across alllevels.Communicate cybersecurity news and updates to business community, through Viva Engage,Newsletters etc.Desired Candidate ProfileBachelor / Masters degree in Computer Science / IT / ECE5 years (min) experience in application cybersecurity. Overall 7-8 years of post qualificationexperience is acceptable.Good knowledge and hands-on experience in overseeing secure SDLC processes, tools andpractices.Should have worked on large business critical projects with good individual responsibility.Good knowledge of OWASP (or similar framework) security practices for applicationsGood experience in cybersecurity project governance.Good written, oral communication and presentation skillsGood organizational, communication and interpersonal skillsAbility to work independently or as part of a team
