Position - Asst Vice President/ Dy Vice President - Info Security Architect
JD:
Primary Responsibility
Primarily responsible for information security architecture.
This role secures enterprise information by determining security requirements; planning, implementing and testing security systems; preparing security standards, policies, and procedures; mentoring team members.
- Support the development of information technology solutions by leading and evaluating the security components of solution architectures with a focus on cloud. This will include determining security requirements, design specifications, and compliance controls as well as validating adherence to security policies, standards, and industry-accepted best practices.
- This role will be responsible for providing deep technical expertise regarding security risks and risk mitigation approaches. Additionally, this role will assist in the creation of a unified approach to security to support the rapid evolution and innovation needs of our information technology projects and cloud migration efforts.
Responsibilities:
- Develop security architecture and guiding principles to support information technology initiatives with a focus on cloud
- Drive, influence and coordinate a secure approach to the development of solutions across the enterprise
- Deliver deep technical guidance related to enhancing the security posture of information technology solutions
- Participate in the security governance model, establishing policies, standards and best practices
- Proactively address changes in the external threat landscape that have an impact on the use of on-premises and cloud computing technologies
- Lead, coach and mentor project teams to incorporate security into enterprise and client-facing applications
- Assist with the integration of security into cloud services delivery standards
- Oversee and drive the design and implementation of security architecture controls in support of compliance requirements
- Develop and deliver communications to management and company-wide stakeholders
- Enhances security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
- Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designing public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
- Maintains security by monitoring and ensuring compliance with standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
- Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
- Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Enhances department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.
- Establish procedures, SLAs, on-call availability, operational procedures; taking the processes/people/technology from existing maturity to continuously improving
Performance Parameters
- Partner with Security Program Management teams to provide a comprehensive security dashboard including relevant metrics, SLA, KPIs etc.
- Develop key metrics and report on a regular basis
Primary Internal Interactions-
- Technology Group
- Corporate functions viz., Internal Audit, HR, Facilities, Finance, Legal etc.
- Business Units i.e. TTL, Insurance, Analytics etc.
- DRP / BCP teams
Primary External Interactions-
- Client/Client Auditors
- Third Party suppliers and service providers
- Security product and service vendors
Qualifications:
- Bachelor's degree in Computer Science or Business Administration, or relevant educational or professional experience
- Maintain an industry-recognized security certification such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Cloud Security Professional (CCSP) desired
- Strong knowledge of information security frameworks and the various technology solutions that are part of the security stack
- Knowledge of cyber security standards and frameworks such as ISO 27001 or NIST 800-32 desired
Experience
- Minimum 12+ years of experience in IT infrastructure related field
- Minimum 8+ years of enterprise information security architecture and information security system design.
- At least 1 year of experience integrating security into cloud