Lead-IT & Information Security_569

Allianz

India

Posted on Jun 19, 2026

Overall Objectives of Job

As a Security Champion embedded within AZRE development teams, you will be the security liaison ensuring secure software delivery aligned with regulatory requirements such as GDPR, Solvency II, and EIOPA guidelines. Your role will focus on embedding security practices into the development lifecycle of the IT products delivered. You will drive compliance, collaborate to safeguard sensitive data and systems, and support continuous improvement of the security posture in the development team and environment.

  • Security Advocacy & Enablement in the development team
  • DevSecOps approach for Integration & Automation
  • Compliance & Regulatory Alignment
  • Risk Management & Incident Response
  • Domain-specific Vulnerability & Risk Management
  • Cross-Geography Collaboration & Leadership
  • Incident Response & Security Governance

Qualification & Experience

Qualification:

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or industry-recognized certifications, preferred.

Experience:

  • 5-8 years in DevSecOps, application security, or information security roles.
  • Proven experience supporting European clients or shared services in regulated industries (insurance, financial services).

Certifications (Preferred only):

  • Any of the following certifications preferred: CISSP, CISM, CEH, CCSP.
  • GDPR Foundation or equivalent data privacy certifications preferred.
  • DevSecOps Foundation or related security automation certifications preferred.

Skills/Specific Tasks/Activities performed

Technical

  • Strong experience with DevSecOps tools and automation in CI/CD pipelines (Jenkins, GitLab CI, SonarQube, OWASP ZAP).
  • Familiarity with European insurance application architectures and third-party integrations.
  • Deep understanding of GDPR, Solvency II, and other EU insurance regulations affecting software security.
  • Proficiency in cloud security and infrastructure as code (AWS, Azure, Terraform) and environments common in insurance tech stacks.
  • Scripting skills (Python, Bash) to automate security tasks and reporting.
  • Proficient with security testing tools: SAST (SonarQube, Checkmarx), DAST (OWASP ZAP, Burp Suite), SCA (Black Duck, Snyk) in Agile DevOps pipelines, preferably with insurance software.
  • Familiarity with insurance software architecture patterns (microservices, APIs, legacy system integrations) and with container security (Docker, Kubernetes security best practices).
  • Solid understanding of European insurance business processes and data privacy laws.
  • Knowledge of cross-border data transfer regulations and compliance impact on shared service operations.

Functional / Domain

Key Responsibilities

Security Advocacy & Enablement in the development team

  • Collaborate with business units, product owners, and development teams to embed security early in design and development.
  • Promote awareness of EU-specific regulatory requirements (GDPR, Solvency II) within development teams.
  • Drive adoption of secure coding standards, focusing on data privacy and cross-border data flow protection.
  • Ensure the ARA and FitGap control matrix are defined at the solution stage itself.

DevSecOps approach for Integration & Automation:

  • Implement and manage security automation tools integrated into CI/CD pipelines supporting insurance platforms.
  • Tailor security scanning and controls to address risks relevant to insurance services, including customer data privacy and financial compliance.
  • Monitor, triage, and remediate vulnerabilities in collaboration with global stakeholders.

Compliance & Regulatory Alignment:

  • Ensure software security controls meet regulatory and compliance standards.
  • Support preparation and evidence gathering for audits by European regulators.
  • Assist with data protection impact assessments (DPIA) and ensure alignment with GDPR requirements.
  • Ensure evidence for ARA/FitGap controls is available or planned.

Risk Management & Incident Response:

  • Conduct threat modeling and risk assessments specific to insurance processes impacting the business.
  • Lead coordination for security incidents impacting shared services supporting European insurance.
  • Collaborate with different teams to establish rapid response and mitigation protocols.

Domain-specific Vulnerability & Risk Management:

  • Identify risks unique to insurance platforms such as exposure of Personally Identifiable Information (PII), financial transaction vulnerabilities, and fraud detection gaps.
  • Facilitate threat modeling sessions for insurance workflows, including policy issuance, claims adjudication, and customer onboarding processes.
  • Work with risk and compliance teams to ensure alignment with industry standards like GDPR, SOC 2, ISO 27001 or PCI-DSS.

Cross-Geography Collaboration & Leadership:

  • Act as a bridge between the Indian development team and Allianz’s security units.
  • Mentor developers or junior security champions and promote best practices across the shared services ecosystem.
  • Foster continuous security improvement and knowledge sharing in a multi-cultural environment.

Incident Response & Security Governance:

  • Support investigations of security incidents impacting insurance data and applications.
  • Prepare compliance evidence and reports for insurance regulators and auditors.
  • Maintain and update security policies and standards to reflect evolving insurance regulations and threat landscapes.