ServiceNow SecOps Architect

ServiceNow Security Lead is responsible for ensuring the security, compliance, and governance of the ServiceNow platform in conjunction with Service Now & customer platform security shared responsibility model. This role focuses on implementing security best practices, managing access controls, integrating security tools, and strengthening risk management processes. The Security Lead collaborates with IT, cybersecurity, and compliance teams to safeguard sensitive data, prevent unauthorized access, and enhance the platform’s overall security posture.

Experience : 14-18 Years of IT security experience, with 14+ years in ServiceNow security architecture, administration, or operations.

Key Responsibilities

• Security Strategy & Compliance
• Define and enforce compliance to security policies, standards, and best practices for the ServiceNow platform in alignment with ServiceNow recommended Platform security shared responsibility model.
• Ensure service now platform is compliant with internal and external infosec requirements and industry best practices
• Establish governance frameworks for secure development, data protection, and risk mitigation.
• Access Control, Authentication, and authorization
• -Design and manage role-based access control (RBAC), ACLs, and authentication mechanisms in ServiceNow.
• Responsible for Single Sign-On (SSO), Multi-Factor Authentication (MFA), and enterprise IAM solutions based on Infosec standard
• Regular review of access control & entitlement based on the job function and refinement using the principle of least privilege,
• Security Operations & Incident Management
• Oversee the implementation and optimization of ServiceNow Security Operations (SecOps), including:
• Security Incident Response (SIR) – streamline incident detection, triage, and resolution.
• Vulnerability Response (VR) – automate vulnerability identification and remediation workflows.
• Threat Intelligence – integrate threat feeds and security insights for proactive defense.
• Coordinate with cybersecurity teams to detect, investigate, and respond to threats affecting ServiceNow.
• Data Privacy, Security & Encryption
• Defining Service Now data classification, data retention & data discovery strategy in alignment with Customer data management policies /standards
• Implement data encryption strategy at rest, in transit & encryption key management Determining the data collection, storage, usage, sharing, archiving, and destruction policy of data processed in ServiceNow instances.
• Monitor access patterns and system activity to identify potential security threats.
• Secure Integrations & Automation
• Design and enforce secure API management for integrations between ServiceNow and third-party security tools (e.g., Active Directory, CyberArk and Aveksa, Azure AD, RIM, IAM).
• Leverage IntegrationHub, Automation Engine, and Orchestration to streamline security workflows.
• Ensure secure data exchange and prevent unauthorized access to ServiceNow instances.
• Risk & Compliance Management
• Deploy and manage ServiceNow Governance, Risk, and Compliance (GRC) solutions to assess security risks.
• Participate regular security audits, risk assessments, and penetration tests on the ServiceNow platform.
• Define and implement security controls to mitigate risks and enhance compliance.