31/01 HR
HR Manager at Yo HR Consultancy


Head - Information Security (15-20 yrs)

Hyderabad Job Code: 1214243

Head of Information Security

Location - Hyderabad (WFO)

Experience - 15 to 20 years

Job Description:

- The Head of Information Security is a critical member of the CEO's leadership team. This role must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting.

- This leadership role requires an individual with a strong technical background, as well as an ability to work with the IT organization and business management to align priorities and plans with key business objectives. A key imperative of this role is to strike a balance of real-world risks with business drivers such as speed, agility, flexibility and performance.

Responsibilities:

The job role is composed of the following set of activities:

Strategic:

- Work with the CEO and other stakeholders to develop a security program and security projects that address identified risks and business security requirements.

- Define metrics and reporting strategies that effectively communicate successes and progress of the security program.

- Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as provide a realistic overview of risks and threats in the enterprise environment.

- Evaluate and establish a Security Operations Center (SOC) as appropriate and plan for it to deliver sustained value to the organization.

- Develop budget projections based on short- and long-term goals and objectives.

- Monitor and report on compliance with security policies, as well as the enforcement of policies within the departments.

- Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.

- Establish and help sustain information security governance to improve the Information Security posture of the organization.

- Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.

Security Liaison:

- Assist business owners and IT staff in understanding and responding to security audit failures reported by auditors.

- Provide security communication, awareness and training for audiences across the organization.

- Work as a liaison with vendors and the internal departments to establish appropriate contracts and service-level agreements.

- Manage production issues and incidents, and participate in problem and change management forums.

- Provide support and guidance for legal and regulatory compliance efforts, including audit support.

Architecture/Engineering Support:

- Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.

- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.

- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.

- Work within the Digital Transformation team and the business functions to ensure that there is a convergence of business, technical and security requirements.

- Implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.

Operational Support:

- Coordinate, measure and report on the technical aspects of security management.

- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.

- Manage and coordinate operational components of incident management, including detection, response and reporting.

- Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.

- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.

- Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.

- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and follow policies and audit requirements.

- Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.

Initial Envisaged Roadmap for the leader:

- Streamline the Information Security related processes in the organization and improve its Information Security posture:

- The leader will be expected to set up a 24x7 Security Operations Center (SOC) to bring in the best-in-class infrastructure and solutions to assess vulnerabilities and prevent, detect, protect and predict any potential cyber threats.

- Create focus on Risk Management, Business Continuity Planning and Scenario Planning and Analysis.

- Have an Enterprise Risk Management strategy formulated and implemented.

- Build the right skills for risk analysis and mitigation, and cyber-security testing.

The individual must have the following:

- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x

- Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.

- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.

- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.

- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.

- An understanding of operating system internals and network protocols.

- Familiarity with the principles of cryptography and cryptanalysis.

- Experience in application technology security testing (white box, black box, code review, Simian Testing, etc.).

- Experience in system technology security testing (vulnerability scanning and penetration testing).

This job opening was posted a long time back. It may not be active, but it was not removed by the recruiter. Please use your discretion.

Women-friendly workplace:

Maternity and Paternity Benefits
