Lead Assistant Manager at EXL Service
EXL Service - Senior Assistant Vice President - Information/Cyber & Application Security (14-16 yrs)
Job Description :
Position Title, Responsibility Level : SAVP
Function : Global Technology (Information Security)
Reports to : Vice President - Information Security & Cyber Security
Permanent/ Temporary : Permanent
Span of Control : 8-10
Location : Noida
Basic Function :
Primarily responsible for leading and managing the Enterprise Threat / Vulnerability / Risk posture by establishing a strong framework and driving continual improvement for :
- Infrastructure Network Vulnerability Assessment and Penetration Testing
- Secure Application Development Framework and Security Assessments
- Designing a framework for Cyber Security Offensive testing, Cyber Drills, Red Teaming, Bug Bounty and Social Engineering simulations to test and drive improvement initiatives for cyber readiness
- Designing and Enhancing Enterprise Security Architecture
Essential Functions :
The role is responsible for ensuring continued and successful security assessments and operations in the following areas :
Infrastructure Security :
To lead a team responsible for :
- Managing the Vulnerability Management System (Qualys, Nessus), Penetration Testing, and configuration reviews.
- To coordinate and facilitate information security audits (including process & technical audits - VA/PT), and work with technology teams to close the observations.
- To perform and manage enterprise-wide Risk Assessment. To coordinate with various functions for timely execution of Risk Assessment for the Technology function.
- To test and research new vulnerabilities
- To perform red team exercises and conduct ethical pen testing and cyber-attack simulations
- To contribute to ISO27001 and PCI DSS certification audits.
Application Security :
To lead a team responsible for :
- Maturity of Secure Development of Applications (SDLC process)
- Secure Software Requirements - capturing security requirements in the requirements gathering phase
- Secure Software Design - translating security requirements into application design elements
- Secure Software Implementation/Coding - unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
- Secure Software Testing - integrated QA testing for security functionality and resiliency to attack
- Software Acceptance - security implications in the software acceptance phase
- Software Deployment, Operations, Maintenance and Disposal - security issues around steady state operations and management of software
Security Assessments and Architecture :
- Design the Security Architecture standard for the organization
- To conduct security risk assessments for technology architecture and solutions, including cloud and
- Determining security requirements by evaluating business strategies and requirements
- Researching and enhancing organizational security architecture standards
- Ensuring Technology Solutions and Applications are supported by robust and resilient Security Architecture
Primary Internal Interactions :
- Technology Function (Network, Systems, Applications etc)
- Business Teams
Primary External Interactions :
- Clients
- Auditors (Big 4s)
- Security Suppliers
Organizational Relationships :
Reports To : Vice President - Information Security & Cyber Security
Supervises : In-house and Supplier Security Team
Skills :
Technical Skills :
- VAPT
- Ethical Hacking
- Malware Analysis
- Cyber Drills
- Exploit analysis and design
- Application Security
- Security Architecture
Process Specific Skills :
- ISO27001
- Risk Assessment
Soft skills (Desired) :
- Capable of managing project tasks individually and as a team
- Ability to document and explain technical details in a concise & understandable manner
- Good oral and written communication skills
- Good presentation & public speaking skills
Soft Skills (Minimum) : Same as above
Education Requirements : Graduation
One or more of the following certifications is desirable : CISSP / CEH / CHFI / ECSA / OSCP
Work Experience Requirements :
Total Experience : 14-18 years
- Hands-on experience working in Linux/Windows environments, with the Metasploit framework, Nessus, Qualys, Malware Analysis, Vulnerability Assessment and Penetration Testing, IBM AppScan, HP WebInspect, Burp Suite, NetSparker etc.