Information Security Officer

REPORTING STRUCTURE

Role Directly Reports to: Group Chief Information Security Officer

QUALIFICATION:

Graduate (B.Sc. IT, BE) with Information Security Certifications CISM, CISSP

EXPERIENCE:

1. Candidate must have strong experience in Information Security Management System, Policy & Procedures creation and implementation

2. ISO27001 Assessment Specification for a framework of policies procedures that include all technical & operational controls

3. Candidate must have strong experience of Information Security Risk Management, Security Assessment, Defence in depth and offensive vs defensive techniques

4. Candidate must have experience on Vulnerability Management, Incident Management, Threat Intelligence and Analytics

5. Candidate must have experience of Cybersecurity Framework Implementation, Tools & Technologies

6. Candidate must have knowledge of Cybersecurity tools like Web Application Firewall, Privilege Identity & Access Management, SIEM, ZTA & Micro segmentation and Encryption

7. Must have understanding of Endpoint & Network Security technologies like EDR, Firewall, IDS/IPS, SSL VPN etc.

8. Candidate must have good communication skills (written & verbal both)

Key Roles/Responsibilities:

1. They will be responsible for managing Information & Cybersecurity compliance requirements

2. Perform risk assessment of all key applications and IT Infrastructure to ensure all risks are identified and mitigated

3. Responsible for handling the relevant application security practice areas like penetration testing, vulnerability assessment, data leakage protection, network security, monitoring, etc.

4. Periodically provide reports of IT security compliance, risk, and overall security posture to Chief Information Security Officer

5. They will be ensuring that potential security incidents are correctly identified, analyzed, investigated, reported and taken care of the ongoing operational components of Enterprise Information security

6. Responsible for evaluating and performing proof of concept of new Cyber Security Products required by the organization

7. They will be responsible to manage Business Continuity program as per regulatory framework

Skills Required:-

1. They must have 15+ Years of experience in Information Security, IT Risk Management with strong academic background

2. Ability to stay current with emerging threats, security risks and potential impacts to the business

3. Should have strong exposure on Frameworks, IDS/ IPS, Firewalls, Standards, Web App Security, Vulnerability Scanners, Network Security, Cyber Security, Anti Malware Systems etc.

4. Hands-on experience in Information Security & Risk areas driving remediation, analysis and mitigation in Cyber security, IT Infrastructure and applications.

5. Candidate should have at least one Information security certification CISM, CISA, CISSP or CEH