Job Title- IT Manager - Information Security (Cloud Security) Position type- Full Time Work Location- Bangalore/Gurugram/Noida Working style- Hybrid People Manager role: No Required education and certifications critical for the role- Any Graduate or Post-Graduate (full time) Required years of experience – Minimum 11+ years of relevant experience AON IS IN THE BUSINESS OF BETTER DECISIONS At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are committed as one firm to our purpose, united through trust as one inclusive, diverse team and we are passionate about helping our colleagues and clients succeed. JOB RESPONSIBILITIES: Manage Knowledge of the current security environment and industry trends especially related to cloud Knowledge of cloud delivery, security, and deployment models for Platform as a Service (PaaS), Serverless computing, Infrastructure as a Service (IaaS), and Software as a Service (SaaS) offerings Knowledge of key cloud security standards (e.g., NIST, CIS, ISO, CSA) Experience in one or more of the following Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) Experience in Cloud native container and API security. Experience with graph database technology - an advantage. Working knowledge of the OWASP Top 10, SANS Critical Security Controls, and NIST Special Publications 500’s or 800’s series Expert level work experience in Cloud Security and DevSecOps. Knowledge of good industry practice in tiered security architecture design Ability to document reference architectures, network schematics, blueprints, patterns, and other types of design documentation To qualify for the role, you must have A bachelor's degree in a related field and approximately 11+ years of related work experience Experience with security DevOps processes, hybrid cloud deployments, and container solutions such as Native Container, K8s, and Docker. Work as a hands-on with a good understanding of cloud-native concepts and tradeoffs. Technical knowledge in some of the following domains in a cloud context: routing/switching, stateful or next gen firewalls (NGFW), distributed denial of service (DDoS) mitigation, web application firewalls (WAF), intrusion detection / prevention systems (IDS/IPS), security information and event management (SIEM), Cloud Brokers (CASB), Cloud Workload Protection (CWP), deceptive technologies, and other threat and vulnerability management capabilities Familiarity with SRE concepts considered an asset. Relevant security (e.g., CISSP, CISM), and cloud certifications (e.g., AWS, GCP, Azure) SKILLS/COMPETENCIES REQUIRED: Demonstrated experience communicating technical information to business clients. Ability to translate cloud security concepts to a non-technical audience from a business risk management perspective. Experience with cloud services (AWS, Azure, and GCP) Knowledge of Cloud security principles Document assessments, recommendations, and customer engagements till resolution. Implement and maintain container security best practices and tools. Ensure the security of containerized applications throughout their lifecycle, from development to deployment and runtime. Strong understanding in Vulnerability scanning of container images for security weaknesses. Conducts product architectural design, issues, and solutions considerations for value streams in line with enterprise architecture guardrail. Understanding of container orchestration platforms and their security features. Collaborate with developers, DevOps engineers, and cloud teams to integrate security into the CI/CD pipeline. Extensive knowledge and understanding of security issues, techniques, and implications across multiple computer platforms. Ensure security components are managed and compliance is maintained throughout their lifecycle. Solid knowledge and understanding of Secure Software Development Life Cycle (SSDLC). Knowledge and understanding of security regulations and best practices such as PCI, SOX, HIPAA, or the ISO 27000 family of standards. Knowledge and understanding of core credential stores including LDAP repositories, operating systems, and databases. Security design methodologies, patterns, best practices, and corresponding defensive strategies. HOW WE SUPPORT OUR COLLEAGUES In addition to our comprehensive benefits package, we are proud to be an equal opportunity workforce. At Aon, we believe a diverse workforce is an innovative workforce. Our agile, inclusive environment allows colleagues to manage their wellbeing and work/life balance while empowering you to be your authentic self. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging them to take time to focus on themselves. We offer a variety of workstyle options through our Smart Working model, but we also recognize that flexibility goes beyond just the place of work... and we are all for it! Our continuous learning culture inspires and equips colleagues to learn, share and grow, helping them achieve their fullest potential. As a result, Aon colleagues are more connected, more relevant and more valued. #LI-RK2 2555430