AVP/DVP - Information Security Architect - IT/ITeS

Position - Asst Vice President/ Dy Vice President - Info Security Architect

JD:

Primary Responsibility

Primarily responsible for Information Security Architect

This role will secures enterprise information by determining security requirements; planning, implementing and testing security systems; preparing security standards, policies, and procedures; mentoring team members.

- Support the development of information technology solutions by leading and evaluating the security components of solution architectures with a focus on cloud. This will include determining security requirements, design specifications, and compliance controls as well validating adherence to security policies, standards, and industry-accepted best practices.

- This role will be responsible for providing deep technical expertise regarding security risks and risk mitigation approaches. Additionally, this role will assist in the creation a unified approach to security to support the rapid evolution and innovation needs of our information technology projects and cloud migration efforts.

Responsibilities:

- Develop security architecture and guiding principles to support information technology initiatives with a focus on cloud

- Drive, influence and coordinate a secure approach to the development of solutions across the enterprise

- Deliver deep technical guidance related to enhancing the security posture information technology solutions

- Participate in the security governance model, establishing policies, standards and best practices

- Proactively address changes in the external threat landscape that have an impact on the use of on premise and cloud computing technologies

- Lead, coach and mentor project teams to incorporate security into enterprise and client-facing applications

- Assist with the integration of security into cloud services delivery standards

- Oversee and drive the design and implementation of security architecture controls in support of compliance requirements

- Develop and deliver communications to management and company-wide stakeholders

- Enhances security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.

- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.

- Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.

- Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.

- Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.

- Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.

- Enhances department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.

- Establish procedures, SLAs, on-call availability, operational procedures; taking the processes/people/technology from existing maturity to continuously improving

Performance Parameters

- Partner with Security Program Management teams to provide a comprehensive security dashboard including relevant metrics, SLA, KPIs etc.

- Develop key metrics and report on a regular basis

Primary Internal Interactions-

- Technology Group

- Corporate functions viz., Internal Audit, HR, Facilities, Finance, Legal etc.

- Business Units i.e. TTL, Insurance, Analytics etc.

- DRP / BCP teams

Primary External Interactions-

- Client/Client Auditors

- Third Party suppliers and service providers

- Security product and service vendors

Qualifications:

- Bachelor's degree in Computer Science or Business Administration, or relevant educational or professional experience

- Maintain an industry-recognized security certification such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Ethical Hack (CEH), or Certified Cloud Security Professional (CCSP) desired

- Strong knowledge of information security frameworks and various technology solutions part of security stack

- Knowledge of cyber security standards and frameworks such as ISO 27001 or NIST 800-32 desired

Experience

- Minimum 12+ years of experience in IT infrastructure related field

- Minimum 8+ years of enterprise information security architecture and information security system design.

- At least 1 year experience integrating security into cloud