Security Operations Officer
Data Security Architecture Implementation
Design and implement data security controls including DLP, encryption, and data protection mechanisms across structured and unstructured environments.
Control Enforcement
Ensure consistent enforcement of data classification, encryption, and access controls across databases, endpoints, and cloud platforms.
Compliance Enablement
Translate PDPPL and national data classification requirements (C0, C4) into enforceable technical controls.
Privacy Controls Implementation
Embed privacy controls such as masking, tokenization, and anonymization into applications and data platforms.
DPIA Execution
Conduct Data Protection Impact Assessments (DPIAs) with a focus on identifying and mitigating technical risks.
Data Visibility
Implement data discovery, classification, and lineage tooling to track sensitive data flows.
Data Residency Controls
Enforce data residency and sovereignty requirements across cloud platforms (Azure, GCP).
AI Security Controls
Implement safeguards for Generative AI and LLM usage, including access control, logging, and data leakage prevention.
Data Sanitization
Apply masking and anonymization techniques to datasets used in AI/ML pipelines.
Third‑Party Risk (Technical)
Perform technical security validation of AI vendors, focusing on data handling and model‑training exposure risks.
IT/OT Data Protection Integration
Implement encryption and data filtering controls for data flows between OT and IT cloud environments.
Segmentation Controls
Enforce security controls at Industrial DMZ and integration points (e.g., firewalls, proxies, encryption gateways).
Monitoring & Risk Detection
Support detection of data exposure risks from industrial systems through logging and monitoring solutions.
Data Protection Operations
Manage and operate encryption solutions including HSMs and Cloud KMS, BYOK, and HYOK. Deploy, tune, and operate DLP, Database Activity Monitoring (DAM), and data classification tools such as Microsoft Purview and Azure Information Protection.
Response
Support incident detection and response related to data leakage, misuse, or unauthorized access.
Key Responsibilities
- Security Assurance – Lead security assessments, architecture reviews, vulnerability management, and assurance activities. Establish and operate a structured Security Assurance Framework covering control validation, coverage tracking, and continuous assurance. Manage the full security lifecycle from risk identification through remediation and validation. Translate technical findings into business‑level risk statements and remediation plans.
- Application & Cloud Infrastructure Security – Perform in‑depth security assessments of web applications, APIs, mobile applications, cloud platforms, containers, and infrastructure. Identify advanced security risks such as business‑logic flaws, authentication weaknesses, privilege abuse, and modern attack techniques. Validate secure architectures, configuration baselines, and cloud‑native security controls. Support secure SDLC and DevSecOps practices, including security testing and release controls.
- Configuration Baselines & Continuous Hardening – Define and maintain secure configuration baselines across the enterprise technology stack (OS, databases, network devices, cloud services, identity platforms, and security tools). Align baselines with industry standards (e.g., CIS Benchmarks) and organizational risk requirements. Implement automated configuration compliance checks and continuous monitoring mechanisms. Conduct periodic reviews and validation of configurations to detect drift, misconfigurations, and unauthorized changes. Work with engineering and operations teams to enforce hardening standards and remediate deviations.
- Architecture & Threat Modeling – Lead security architecture and design reviews across applications, platforms, and integrations. Conduct threat modeling to identify attack paths, risks, and mitigation strategies. Ensure alignment with enterprise security architecture and Zero Trust principles.
- Third‑Party Data Protection Resilience – Conduct security assessments of vendors, SaaS providers, and external integrations. Validate data protection,…