Job Title: Technical Architect Security
Location: Work From Home
Department: Security
Reports to: Associate Director - Technology
Job Type: Full-Time
Website: https://deliverysolutions.co/
Delivery Solutions is a Retail eCommerce OXM Platform that provides retailers with out-of-the-box solutions to power Same-Day Delivery, Curbside, In-Store Pickup, Shipping, and post-purchase experiences. We are trusted by some of the biggest names in multiple verticals of retail, like Sephora, AT&T, Footlocker, Michael's, Office Depot, GameStop, Total Wine, Sally Beauty, Abercrombie & Fitch Co., Belk, Loblaw, Vineyard Vines, etc.
Our SAAS-based solution is highly flexible and interacts seamlessly with E-commerce properties, OMS, WMS, and POS systems for a highly scalable experience and a delighted customer base.
Delivery Solutions is a wholly-owned subsidiary of UPS | We are a certified Great Places To Work Company
Job Overview: As a Technical Architect of Security, you will be responsible for leading and managing our Information Security Operations team. You will safeguard our organization's information assets by developing, implementing, and maintaining security processes and protocols. You will ensure compliance with relevant laws, regulations, and industry standards (e.g., ISO, SOC2, HIPAA, GDPR): monitor changes in compliance regulations, adjust policies and procedures as necessary, and oversee the development and implementation of privacy policies and procedures to protect personal data. This role demands a blend of technical expertise and leadership skills to ensure the security and integrity of our systems, networks, and data.
Key Responsibilities:
Technical Responsibilities:
Policy Development and Enforcement
- Develop, implement, and enforce comprehensive security and privacy policies.
- Regularly review and update policies to reflect evolving threats and regulatory requirements.
- Audit adherence to these policies across the organization
Security Operations Centre:
- Oversee the daily operations of the information security team, ensuring that all security policies, procedures, and protocols are effectively implemented and maintained.
- Lead the development and implementation of security measures, including firewalls, intrusion detection systems, and encryption protocols.
Incident Response:
- Manage and respond to security incidents, providing timely and effective resolution.
- Conduct thorough investigations of security breaches and take appropriate corrective actions.
Vulnerability Management:
- Conduct regular security assessments and vulnerability scans to identify potential threats.
- Recommend remediation strategies to address identified vulnerabilities.
Compliance and Audits:
- Develop policies based on industry best practices and implement the policies defined.
- Ensure compliance with relevant laws, regulations, and industry standards (e.g., ISO, SOC2, HIPAA, GDPR).
- Coordinate and support internal and external security audits.
Privacy:
- Stay up to date on the privacy laws where the company and customers operate.
- Ensure the company’s processing activities comply with privacy laws.
Functional Responsibilities:
Strategic Planning and Development:
- Collaborate with senior management to develop and implement the overall information security strategy.
- Identify and prioritize security initiatives and projects based on risk assessment and business impact.
Team Leadership and Development:
- Resource management, planning and execution, and stakeholder communication.
- Plan the execution of various projects in the domain of security and privacy.
- Lead, mentor, and develop a team of security professionals, fostering a culture of continuous improvement and professional growth.
- Conduct performance evaluations and provide constructive feedback to team members.
Cross-Department Collaboration:
- Work closely with IT, legal, marketing, and other departments to ensure cohesive security practices across the organization.
- Serve as a key advisor to the Associate Directors and other executives on security and privacy matters.
- Coordinate with and provide updates to Delivery Solutions' parent organization on security initiatives.
Risk Management:
- Identify, assess, and mitigate information security risks.
- Develop and maintain a risk management program that aligns with the organization’s objectives.
Security Awareness and Training:
- Develop and deliver security awareness training programs to educate employees on security best practices and emerging threats.
- Promote a security-conscious culture throughout the organization.
Qualifications:
- Education: Bachelor’s degree in Computer Science, Information Security, or a related field. Master’s degree or professional certifications (CISSP, CISM, etc.) preferred.
- Experience: Minimum of 7-10 years of experience in information security, governance, and audit processes, with at least 3-5 years in a management or leadership role. Have worked as an auditor for ISO / SOC2 and other frameworks.
- Technical Skills: Experience in setting up a framework and conducting privacy and security audits. Conducting training and awareness, proficiency in security technologies and tools (e.g., SIEM, IDS/IPS, firewalls, endpoint protection), strong understanding of network security, cryptography, and risk management frameworks.
- Functional Skills: Strong leadership and team management skills, excellent communication and interpersonal abilities, experience in strategic planning and project management.
- Personal Attributes: Strong analytical and problem-solving skills, high ethical standards, ability to work under pressure and manage multiple priorities.
About Delivery Solutions
Out-of-the-box solutions are provided by Delivery Solutions to retailers, allowing them to provide customer experiences such as curbside delivery, same-day delivery, shipping, in-store pickup, and post-purchase pickup. The company collaborates with some of the most recognizable names in the retail industry, such as Michael's, Sephora, Loblaw, GameStop, Office Depot, Sally Beauty, Total Wine, Belk, and Abercrombie & Fitch.
Its SAAS-based solution is incredibly adjustable and works in combination with e-commerce sites, warehouse management systems, order management systems, and point-of-sale systems to give a highly scalable experience and a base of delighted customers. They have direct connections to the most prominent businesses in same-day delivery, like DoorDash, Uber, Postmates, and Shipt, amongst others, in addition to the most prominent shipping firms, including UPS, FedEx, USPS, and others.
Perks & Benefits @Delivery Solutions:
- Permanent Remote work - (Work from anywhere)
- Broadband reimbursement
- Flexi work hours - (Login/Logout flexibility)
- 21 Paid leaves in a year (Jan to Dec) and 7 COVID leaves
- Two appraisal cycles in a year
- Encashment of unused leaves on Gross
- RNR - Amazon Gift Voucher
- Employee Referral Bonus
- Technical & Soft skills training
- Sodexo meal card
- Surprise on birthday/ service anniversary/new baby/wedding gifts
- Annual trip
Similar jobs
About Shopalyst:
Shopalyst offers a Discovery Commerce platform for digital marketers. Combining data, AI and deep integrations with digital media and e-commerce platforms, Shopalyst connects people with products they love. More than 500 marquee brands leverage our SaaS platform for data driven marketing and sales in 30 countries across Asia, Europe and Americas. We have offices in Fremont CA, Bangalore, and Trivandrum. Our company is backed by Kalaari Capital.
Key responsibilities
- Ensure compliance with all applicable regulatory requirements, including SOC2, ISO 27001, PCI DSS, GDPR rules and guidelines.
- Develop and implement compliance policies, procedures, and programs.
- Conduct regular compliance reviews and audits to identify areas of improvement.
- Collaborate with other departments to ensure effective implementation of compliance measures.
- Work with external vendors to ensure compliance adherence
- Maintain up-to-date compliance records and provide them to Sales, Marketing, Internal and External Customers on a need-to-know basis.
- Provide training and education on compliance matters to staff and stakeholders.
- Monitor market trends and regulatory developments to stay informed of potential risks or issues.
Job Requirements
- Strong knowledge of audit and regulatory compliance to ensure the security, privacy, and reliability of SaaS services in a global market.
- Familiarity with ISO 27001, PCI DSS, GDPR rules and guidelines.
- Ability to work collaboratively with cross-functional teams.
- Strong analytical skills and attention to detail.
- Bachelor's degree in a related field preferred but not required.
- Experience in Leading Software Project Teams desired but not mandatory.
Additional Notes :
At Shopalyst, we are creating a global workplace that enables everyone to find their true potential, purpose, and passion irrespective of their background, gender, race, sexual orientation, religion and ethnicity. We are committed to providing equal opportunity for all and believe that diversity in the workplace creates a more vibrant, richer work environment that advances the goals of our employees, communities and the business.
- Solid experience in designing, implementing, and securing cloud environments, including services such as EC2, S3, RDS, IAM, VPC, and CloudTrail.
- Strong understanding of DevOps methodologies and experience with CI/CD pipelines and tools (e.g., Jenkins, GitHub, SonarQube).
- In-depth knowledge of cloud security best practices, industry standards, and compliance frameworks (e.g., NIST, CIS, ISO 27001).
- Proficiency in scripting languages such as Python, Bash, Groovy.
- Experience with Infrastructure-as-Code (IaC) tools like AWS CloudFormation or Terraform.
- Familiarity with security scanning and monitoring tools, such as AWS Security Hub, GuardDuty, Inspector, or third-party solutions.
- Strong understanding of network security concepts, including firewalls, VPNs, and secure network architectures.
- Knowledge of secure coding practices and experience with application security testing tools (e.g., SAST, DAST, fuzzing, and secure coding patterns).
- Excellent problem-solving skills and ability to work collaboratively in a team-oriented environment.
- Participate in incident handling and other related duties to support the information security function.
- The ability to learn and apply new concepts quickly
- Strong written and oral communication skills
Experience: Overall 10 to 12 years of experience, of which at least 5 to 7 years’ experience should be in Information Security. Mandatory is 5 to 7 years’ experience in Information Security, with one full end-to-end implementation experience.
Base location: - Bengaluru - Must
Joining requirement: - Not later than second week of June 2023.
Requirements: -
1. Mandatory - ISO 27001:2013 lead implementor certified
2. Mandatory - ISO 27001:2013 lead auditor certified (but if it is a good candidate, we can still consider)
3. Good to have – CISA, CISM, Risk management certification, Privacy certifications.
4. Mandatory - At least one end-to-end implementation experience of the ISO 27001 standard. The candidate should have good implementation knowledge of the ISO 27001 and ISO 27002 standards and is required to implement the ISO requirements and run the ISMS program for multiple countries.
5. This immediate requirement is for implementing the ISMS program for our Canadian office location. The candidate should be willing to work from Bengaluru in EST time zone during this implementation phase whenever required.
6. Good documentation skills.
7. Develop, implement, maintain, review and continually improve Information Security policies.
8. Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
9. Manage and maintain a risk register / risk database along with risk treatment plans.
10. Good understanding of physical and environmental security.
11. Conduct Internal Audits based on ISO 27001 standards and Personal Data Protection policies. Good experience in independently conducting internal and supplier audits with respect to information security.
12. Provide training to the employees on Privacy & Information Security Management System on regular intervals.
13. The greater part of the job involves interacting with people, interviewing them / auditing, Preparing audit reports, discussing / persuading / influencing.
14. Mandatory: Good verbal and written communication skills. Eye for details.
15. Good presentation skills.
16. Since this is a trusted role, candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience.
i. Technology Graduate with 8+ years of experience in the IT industry & Information Security / Cyber Security
iii. Provide Security Vision & Strategy to the Organization, strategic direction, development, and implementation of information security programs and projects to address risks relevant to the attainment of organizational strategic goals.
iv. Experience in advising the leadership team regarding the Security Technology Landscape, product issues, and possible improvements
v. Expertise in providing executive roadmaps for continual improvement in teams, technology, and processes across various security & DevSecOps teams
vi. Experienced in Information Security Risk Management, gap analyses, Audits.
vii. Hands-on Experience in formulating Cyber Security Policies, Design and implementation of Security Technologies, DevSecOps.
viii. Working Knowledge in implementation of Cyber Security Solution in Open Source, OpenStack environment.
ix. Ability to provide strategies to increase the ability to withstand cyber-attacks, as measured by annual sophisticated attack simulations.
x. Experience in upgrading, troubleshooting and tuning of Cyber Security Solutions, SOC Operations.
xi. Thorough understanding and good knowledge of the latest Cyber Security technologies, Security Architectures, vulnerabilities, security threats.
xii. Expertise in Test-Driven Development and establishing a DevSecOps practice. Multiple product launches under your belt - from design to launch, having played a key role in their success
xiii. Ability to setup PoC for latest security solutions
xiv. Good understanding of Open Source Technologies, Private Cloud Technologies.
What are we looking for?
An enthusiastic individual with the following skills. Please do not hesitate to apply if you do not match all of it. We are open to promising candidates who are passionate about their work and are team players.
Key Responsibilities & expectations from the candidate
- Must have strong experience in Information Security Management system(ISMS), creation of policy, procedures and implementation.
- Operates as a key contributor to the RFP, Third-Party Risk assessment, cloud security assessment etc.
- Lead the strategic and tactical development of information security framework, risk management and new compliance initiatives
- Subject matter expertise in ISO 27001, SOC2, CCPA, CPRA, GDPR, PCI DSS and HIPAA.
- Must have a strong experience in the documentation process and reviewing MSA, SCC, SLA & DPA.
- Good knowledge of BCP/DR, Incident response, VA/PT and Audit methodologies of various compliance frameworks.
- Good knowledge of Access management, Network, Application Security, Encryption, Backup, Physical Security, ISMS Training & Awareness, etc.
- Ability to deal with the customers and vendors on Security and privacy matters.
- Knowledge of Core IT processes, SDLC, network infrastructure will be useful.
Personal Attributes
- Good written, oral, and interpersonal communication skills.
- Ability to conduct research into IT security issues
- Ability to present ideas in business-friendly and user-friendly language.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Highly self-motivated and hardworking.
Qualification and certification
- Bachelor’s/master's degree in Security, Computer Science, Management Information Systems, Engineering or related field.
- Should be at least ISO 27001 lead auditor or lead implementer.
- 3+ years of related work experience in information security governance, risk and compliance (GRC) or relevant compliance roles in the SaaS industry.
What can you look for?
A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact, and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being here.
We are
It is a rapidly growing fintech SaaS firm that propels business growth while focusing on human motivation. Backed by Giift and Apis Partners Growth Fund II, Company offers a suite of three products - Plum, Empuls, and Compass. Company works with more than 2000 clients across 10+ countries and over 2.5 million users. Headquartered in Bengaluru, Company is a 300+ strong team with four global offices in San Francisco, Dublin, Singapore, New Delhi.
Way forward
We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status.
Tools:
CrowdStrike Falcon Sensor - Or similar AV engine
Cisco Umbrella Web Filtering - Or similar Web Proxy Filter
Cisco FTD Intrusion Prevention - Or similar IPS/IDS
O365 Email Protection (Spam, Phishing) - Or similar
Phish Insight (Phishing Campaigns) - Or similar phish campaign technology
Nessus Professional - Or similar vulnerability scanning tool
Cisco NGFW - Or similar FW technology
Technologies:
Cloud (AWS IaaS, O365 SaaS)
On-Premises (Windows 90%, Linux 10%)
Processes:
Computer security incident response
Security reviews and assessments
Vulnerability management
Penetration tests
Manage Level 3 security incidents and requests
Ensures compliance with corporate policies and procedures
Research new ways to improve existing technical security controls
Project SME and Lead for security related projects
Conduct Risk assessments and assist in remediation activities
Assist in internal and external audit activities
Required Experience and Skills:
Bachelor's degree in Information Security, Computer Science or Engineering
Minimum of 3 years in security engineering
Knowledge in cloud ecosystems security - Amazon AWS, Microsoft O365
Ability to work well in an international team (US or EU time zone)
English spoken and written on at least B2 level
Understanding of security monitoring and identification concepts
Assessing and understanding the impact, severity and urgency of issues
Cybersecurity Certifications an advantage but not essential: CEH, C|HFI, CISSP, CISA, CISM
Expertise across a variety of security products including those listed in requirements above
- The candidate must have strong experience in application security assessment, threat modeling, code review, static and dynamic testing.
- The candidate must have a strong understanding of common security libraries, security controls, and common security flaws.
- Candidate must have experience in performing application vulnerability Management, penetration testing, application & API security assessment.
- Candidate must have experience with OWASP, static/dynamic analysis, and common security tools
- Candidate must have basic knowledge of development or scripting experience
- Candidate must have experience in identifying security issues through code review during entire SDLC cycle
- A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, HTTPS)
- Experience in working with developers
- Candidate must have good communication skills (written & verbal)
- He / She will be responsible for performing application security assessment, code review, API security assessment.
- Participate in and support application security reviews and threat modeling, including code review and static/dynamic testing.
- Ensure that security across all aspects of the software is uniform by setting up checkpoints.
- Perform threat modeling for applications to determine the potential threats and vulnerabilities to an application and identify points where applications are most vulnerable.
- Based on assessment results, explore the threats that each application is exposed to and rank them on a severity scale
- Recommend the countermeasures that could be developed to secure the application
- He / She needs to facilitate and support the preparation of security releases
- He / She needs to support product and development teams in the area of application security.
- Assist in the creation of best security development practices and security training for developers
Skills
- He / She must have 5+ years of experience in application security assessment & application vulnerability management with a strong academic background.
- Ability to stay current with emerging threats, security risks, and potential impacts to the business.
- Should have strong exposure to application security assessment, code review, secure development practices, and application security tools & technologies.
- Candidate should have at least one Information security certification CEH, CASE, or CISSP
- Max rate $85/hr
- MUST HAVE - Application security covering microservices security and RESTful API from technical and business process and architecture.
- MUST HAVE - Application security, penetration testing, red team tool (optional), development background. Should have done application vulnerability assessments.
- GOOD TO HAVE - Infrastructure experience in Azure Cloud OR Microsoft 365 product implementations will be handy, network architecture and design mostly in the Azure space.
- GOOD TO HAVE - Enterprise platform: Office 365 and such implementation is a plus.
- Experience as an Azure DevSecOps engineer is desired.
- Ability to communicate effectively with senior management as well as highly technical engineers to articulate security positions effectively.