Manager - IT Security Management - Mfg

Position : Manager – IT Security

Reporting To VP & Group CIO

Process - Corporate IT

Age : Min 28

Experience : 5 - 8 Years experience with exposure to IT security Operations management in a medium size organization.

Roles and Responsibilities;

Risk Strategy and Planning :

- Create and maintain the enterprise’s security architecture design.

- Design for compliance to external standards like ISO 27001, IT Act, Company’s Law 2013, e-disposals law etc.

- Create and maintain the enterprise’s security documents (policies, standards, baselines, guidelines and procedures).

- Create and maintain the enterprise’s Business Continuity Plan and Disaster Recovery Plan.

Solution Acquisition and Deployment :

- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.

- Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise’s existing procurement processes.

- Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.

- Establish identity management, access control and Segregation of Duty standards and communicate to administrators.

Security Operations Management :

- Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.

- Ensure the enforcement of enterprise security documents.

- Supervise all investigations into problematic activity and provide on-going communication with senior management.

- Supervise the design and execution of vulnerability assessments, penetration tests and security audits.

- Engage in ongoing communications with peers in the Systems and Networking groups as well as the various business groups to ensure enterprise wide understanding of security goals, to solicit feedback and to foster co-operation.

- Oversee perimeter security management like Firewall, Internet gateway, email gateway, DLP etc.

- Ensure that Backup planning is comprehensive and monitor for compliance by various teams.

- Oversee utilization of endpoint protection softwares like Anti-Virus, encryption, DLP, HIPS etc.

- Ensure protection of IT assets and the integrity, security and privacy of information.

Build a security Culture :

- Create, and maintain the enterprise’s security awareness training program.

- Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documents.

- Disseminate security information periodically to SRF group users through multiple media like mailers, sharepoint intranet, training sessions etc

- Establish awareness with privileged users and administrators.

- Establish Data classification mechanism

Oversee Hardware and Application Change management compliance and rigor.

Key Expectations :

- Good Operations Management, team handling skills

- Ability to analyze and resolve complex issues

- Effective verbal and written communication and presentation skills.

- Ability to research into IT security issues, advancements and products.

- Good relationship, network with vendors.

- Good Learning ability with attention to detail.

- Self-motivated, independent worker.

- Demonstrated ability to set and manage priorities.

- Ability to link and apply complex technologies to business strategies.

- Ability to work long and odd hours and on weekends when required

Remarks (Internal) :

- Experience in enterprise security architecture design, deployment and documentation.

- Experience in developing BCP and DR plans

- Working technical knowledge of Checkpoint firewall, Websense internet/email gateways, McAfee suite of products

- Experience of securing networks and managing security incidents.

- Minimum Qualification Required : BE / BTech / MCA

- + IT Security Certifications (CISSP, CISA, CISM, GIAC, CCSEetc)

Eligibility Criteria : 5 - 10 Years experience with exposure to IT security Operations management in a medium size organization.

Experience below is preferred :

- Experience in enterprise security architecture design, deployment and documentation.

- Experience in developing BCP and DR plans

- Working technical knowledge of Checkpoint firewall, Websense internet/email gateways, McAfee suite of products

- Experience of securing networks and managing security incidents.