IT Security Project SME

Job Title:

IT Security Project SME

Job Grade (refer to JE)

G9A/G9B

Function:

Cyber Security

Sub-function:

IT Security Projects

Manager’s Job Label:

IT Security Engineering

Skip Level Manager’s Label:

CISO

Function Head Title:

CISO

Location:

Mumbai

No. of Direct Reports (if any)

NA

Business Unit:

IT

Job Summary

At Sun Pharma, we commit to helping you “Create your own sunshine”— by fostering an environment where you grow at every step, take charge of your journey and thrive in a supportive community.

Are You Ready to Create Your Own Sunshine?

As you enter the Sun Pharma world, you’ll find yourself becoming ‘Better every day’ through continuous progress. Exhibit self-drive as you ‘Take charge’ and lead with confidence. Additionally, demonstrate a collaborative spirit, knowing that we ‘Thrive together’ and support each other’s journeys.”

Areas Of Responsibility

The IT Security Project Subject Matter Expert (SME) is the definitive technical authority assigned to high-priority security projects. This role ensures the technical design, implementation, and quality of security solutions align with organizational standards, security architecture principles, and regulatory requirements. The SME manage the project timeline and accountable for the technical integrity and success of the security outcome.

Technical Authority & Guidance

• Expert Consultation: Serve as the "go-to" expert for one or more core security domains (e.g., Identity and Access Management (IAM), Cloud Security, Data Loss Prevention (DLP), or Security Information and Event Management (SIEM)).
• Architectural Review: Provide critical technical review and sign-off on security project architecture designs, ensuring solutions are robust, scalable, and adhere to the enterprise security framework (e.g., NIST, ISO 27001).
• Technical Decision-Making: Evaluate and recommend security tools, technologies, and vendor solutions, providing unbiased, factual advice to management and business stakeholders.
• Complex Problem Solving: Lead the technical troubleshooting and resolution of complex security challenges encountered during project implementation and post-deployment stabilization.

Project Support & Quality Assurance

• Requirements Translation: Work directly with business and compliance teams to translate complex business needs and regulatory requirements into detailed, actionable technical security requirements for the engineering team.
• Validation & UAT Support: Design and approve the test cases and methodologies for User Acceptance Testing (UAT) and technical validation, ensuring the implemented security controls function as intended.
• Documentation: Create, review, and approve high-quality technical documentation, including configuration guides, standard operating procedures (SOPs), and runbooks for the operational support team.
• Security-as-Code Integration: Guide DevOps and engineering teams on integrating security best practices and automated testing into the CI/CD pipeline for the project deliverables (DevSecOps).

Training & Knowledge Transfer

• Mentorship: Act as a mentor and coach for junior security engineers and analysts on the project team, raising the overall technical competency of the group.

• Knowledge Transfer: Conduct detailed technical workshops and training sessions to transfer project knowledge and support materials to the IT Operations and Security Operations Center (SOC) teams prior to project closure.

Travel Estimate

5%

Job Scope

Internal Interactions (within the organization)

Cyber Security Team, IT Infrastructure Team, Cloud Infrastructure Team, DevOps Team, Applications Team, Business Stakeholders

External Interactions (outside the organization)

Vendor Management, OEMs, Security Service Providers, Cloud Security Service Providers

Geographical Scope

Global

Financial Accountability (cost/revenue with exclusive authority)

NA

Job Requirements

Educational Qualification

Bachelor’s degree in technical field (Computer Science, Engineering, Computer Application, Information Security), BSc IT. Master’s is preferred

Specific Certification

Required Certifications (Specialized): Certifications relevant to the domain of expertise (e.g., SANS GIAC certifications, AWS Advanced Networking/Security, Microsoft Expert certifications, Security OEMs related certifications).

Strongly Preferred Certifications (Foundational): CISSP, CISM, or other advanced foundational security accreditations.

Experience

8+ years of experience in Information Security, with 3+ years specifically focused on security architecture design, implementation and operations.

Skill (Functional & Behavioural):

• Proven track record and experience in Information Security Engineering, Architecture, or Operations.
• Deep, hands-on, expert-level knowledge in a specialized security domain (Data Protection, Micro Segmentation, Network Security, Endpoint Security, Application Security, Cloud Security, NGFW, WAF, IAM, PAM, CIAM, CSPM, DSPM, CASB, ZTNA, MFA, EDR, ITDR, SIEM, SOAR, UEBA etc.)
• Expertise in security standards, frameworks, and best practices (e.g., NIST CSF, CIS Controls, ISO 27001).
• Strong experience with technical scripting or automation relevant to the security domain (e.g., Python, Terraform, PowerShell).
• Proven ability to work in a project-driven environment and manage technical deliverables without direct personnel management authority.
• Excellent written and verbal communication skills, with the ability to articulate highly technical concepts to both technical and non-technical audiences.
• Strong analytical and critical thinking skills, capable of dissecting complex security problems into manageable, solvable components.

Your Success Matters to Us

At Sun Pharma, your success and well-being are our top priorities! We provide robust benefits and opportunities to foster personal and professional growth. Join us at Sun Pharma, where every day is an opportunity to grow, collaborate, and make a lasting impact. Let’s create a brighter future together!