Security Operations Officer

1. Data Security Architecture & Implementation

• Security Architecture: Design and implement data security controls including DLP, encryption, and data protection mechanisms across structured and unstructured environments.

• Control Enforcement: Ensure consistent enforcement of data classification, encryption, and access controls across databases, endpoints, and cloud platforms.

• Compliance Enablement: Translate PDPPL and national data classification requirements (C0–C4) into enforceable technical controls.

1. Data Privacy Engineering

• Privacy Controls Implementation: Embed privacy controls (masking, tokenization, anonymization) into applications and data platforms.

• DPIA Execution: Conduct Data Protection Impact Assessments (DPIAs) with a focus on identifying and mitigating technical risks.

• Data Visibility: Implement data discovery, classification, and lineage tooling to track sensitive data flows.

• Data Residency Controls: Enforce data residency and sovereignty requirements across cloud platforms (Azure/GCP).

1. AI Data Security

• AI Security Controls: Implement safeguards for Generative AI and LLM usage, including access control, logging, and data leakage prevention.

• Data Sanitization: Apply masking and anonymization techniques to datasets used in AI/ML pipelines.

• Third-Party Risk (Technical): Perform technical security validation of AI vendors, focusing on data handling and model training exposure risks.

1. IT/OT Data Protection Integration

• Secure Data Transfer: Implement encryption and data filtering controls for data flows between OT and IT/cloud environments.

• Segmentation Controls: Enforce security controls at Industrial DMZ and integration points (e.g., firewalls, proxies, encryption gateways).

• Monitoring & Risk Detection: Support detection of data exposure risks from industrial systems through logging and monitoring solutions.

________________________________________

1. Data Protection Operations & Cryptography

• Encryption & Key Management: Operate and manage encryption solutions including HSMs and Cloud KMS (BYOK/HYOK).

• Security Tools Operation: Deploy, tune, and operate DLP, Database Activity Monitoring (DAM), and data classification tools (e.g., Microsoft Purview / Azure Information Protection).

• Monitoring & Response: Support incident detection and response related to data leakage, misuse, or unauthorized access.

OR

Key Responsibilities

Security Assurance & Risk Management

• Lead security assessments, architecture reviews, vulnerability management, and assurance activities.

• Establish and operate a structured Security Assurance Framework covering control validation, coverage tracking, and continuous assurance.

• Manage the full security lifecycle from risk identification through remediation and validation.

• Translate technical findings into business-level risk statements and remediation plans.

Application, Cloud & Infrastructure Security

• Perform in-depth security assessments of web applications, APIs, mobile applications, cloud platforms, containers, and infrastructure.

• Identify advanced security risks such as business logic flaws, authentication weaknesses, privilege abuse, and modern attack techniques.

• Validate secure architectures, configuration baselines, and cloud-native security controls.

• Support secure SDLC and DevSecOps practices, including security testing and release controls.

Configuration Baselines & Continuous Hardening (New)

• Define and maintain s