Security Program Manager
iCert Global
full-time
Posted on:
Location Type: Hybrid
Location: Pune • India
Visit company websiteExplore more
About the role
- Own end‑to‑end security conversations for strategic customers
- Act as the single-threaded owner across Cloud Ops, DevOps, CPS, Engineering, and Compliance
- Translate customer security standards into implementable, testable, and supportable models
- Ensure consistent positions across decks, calls, audits, and escalations
- Own customer discussions around:
- VMSS vs VM security equivalence
- Non‑domain‑joined deployments
- Image‑based enforcement, identity lifecycle, drift handling
- Lead definition and validation of:
- Patching lifecycle and visibility
- Monitoring and telemetry alignment (MDE, Sentinel, customer tools)
- Support and escalation RACI in customer‑owned subscriptions
- Drive clarity on what Icertis owns vs what the customer owns
- Own formal risk narratives for deviations from customer standards**(e.g., domain‑join semantics, tooling assumptions)
- Coordinate executive‑level risk acceptance with customer CSO teams
- Ensure deviations are:
- Explicitly documented
- Guard‑railed
- Time‑bound
- Supported by equivalent security outcomes
- Own structured approaches for:
- GPO change management
- Emergency vs planned enforcement
- Impact assessment and rollback logic
- Ensure every change has:
- Clear ownership
- Defined timelines
- Evidence and traceability
- Own customer security posture for:
- Git runners / CI‑CD execution models
- Private Link vs DMZ‑based execution
- Network allow‑listing and proxy constraints
- Ensure deployment models remain:
- Secure
- Auditable
- Scalable across future releases (not bespoke per customer)
- Own the evidence model for strategic customers:
- Patch visibility
- Scan outputs (SAST, SCA, VAPT)
- Image lineage and deployment traceability
- Convert ad‑hoc evidence requests into repeatable, system‑driven artifacts
- Support audits without creating parallel operational processes
Requirements
- Deep understanding of Azure infrastructure security and operating models
- Experience operating in customer‑owned cloud environments
- Strong grasp of:
- VMSS / image‑based security models
- Patch management and visibility
- Monitoring, telemetry, and SOC integrations
- Ability to reason about security equivalence, not just control checklists
- Proven ability to lead high‑noise, high‑scrutiny customer engagements
- Comfortable engaging CSO / architecture review boards
- Strong documentation and narrative skills for:
- Risk acceptance
- Decision points
- Executive summaries
- Azure Security certifications
- Experience with large regulated enterprises (telecom, finance, government)
- Prior ownership of customer‑specific cloud security operating models
- Ownership mindset (“this is my problem end‑to‑end”)
- Structured thinking under ambiguity
- Ability to reduce repeated questions into durable answers
- Calm, credible presence in customer security forums
- 10–15 years in Cloud / Security / Infrastructure roles
- 5+ years owning security programs with direct enterprise customer exposure
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Azure infrastructure securityVMSS security modelsPatch managementMonitoringTelemetrySOC integrationsImage-based enforcementIdentity lifecycle managementDrift handlingEvidence model
Soft Skills
LeadershipDocumentation skillsStructured thinkingCalm presenceOwnership mindsetAbility to reasonEngagement with CSOCommunicationRisk narrative skillsProblem-solving
Certifications
Azure Security certifications