Associate Director - Information Security/Cyber Security (8-15 yrs)
- The position is with a consulting organization. The incumbent would be responsible for managing and leading internal information security for India. In this role you would work closely with senior authorities and internal stakeholders to drive enterprise-wide information security.
- You are the best fit if you have hands-on operational and technical experience, an understanding of risk, and have architected and deployed hands-on technical solutions on:
- Cloud Security
- Encryption / Malware
- Network Security
- Data Security/ Privacy
- Cloud / MS certified architect
In this role you would be responsible to:
- Develop, implement, review and maintain Cybersecurity policies, process framework, and relevant procedures based on globally accepted frameworks/standards such as ISO27001/2, ISO 27701 and ISO22301
- Develop, implement, review and maintain Cybersecurity technical standards, base secure configurations
- Coordinate with CIO / Senior IT Manager to develop, review and maintain Cybersecurity architecture, solutions and tools
- Inventory and maintain information assets and associated Cybersecurity solutions.
- Perform risk assessments at periodic intervals and develop, review and maintain risk treatment plans
- Establish and implement user access controls and identity and access management systems
- Monitor network and business application performance to identify irregular or suspicious activities
- Perform data security and privacy impact assessments and oversee security of personal and sensitive data across the firm.
- Deploy detection and prevention tools to prevent malicious hacks targeted at the Firm's server farms, desktop / laptop devices and smartphones
- Set up patch management systems and processes to update IT resources at the earliest possible opportunity
- Perform regular audits to ensure security practices are compliant. Interact with Internal auditors and ISMS auditors and address their reported control weaknesses
- Manage internal incident response processes
- Implement comprehensive vulnerability management systems and processes across all assets on-premises and in the cloud
- Participate and take an active role in IT projects to define security requirements and ensure such controls are designed, acquired and implemented during the project activities
- Work with IT operations to set up and operate a shared disaster recovery/business continuity plan
- Work with HR and/or team leads to educate employees on information security threats and controls and how to identify and report suspicious activities.
- Any other matters relating to maintaining secure programs and activities of the Firm.
- Brief the executive team on status and risks, including taking the role of champion for the overall security strategy on a periodic basis.
- Communicate best practices and risks to all parts of the business, outside IT.
Education and Experience Level:
- Hands-on experience in managing internal IT Security in an organization. Experience in an auditing or consulting organization would be beneficial
Qualification - Masters in Information security domain or Masters in Computer Science. Engineering.
- Should have experience with cyber security and privacy frameworks / standards / regulations including but not limited to ISO27001/2, ISO22301, ISO/IEC 27701.
- Should hold valid Cybersecurity certifications such as CISSP, CISA, Microsoft and AWS cloud security certifications.