Job Title: Manager
Reporting To: VP - Business Systems & Technology
Job Specification:
Parameters (Desired / Minimum):
Age: 32+ (desired), 29 (minimum)
Education: BE + MBA or Preferably BE / B. Tech / Graduate
Years of Experience: 9+ (desired), 7 (minimum)
Type of Experience (desired):
- With at least 9+ years of progressive experience in IT with 7 years dedicated exposure in Information Security
- Certification in CEH, ECSA, Lead Auditor, CISM/CISA.
- Demonstrate knowledge of information security Standards and Frameworks
Type of Experience (minimum):
- With at least 7 years of progressive experience in IT with 6 years dedicated exposure in Information Security
- Lead Auditor certification. CISM / CISA preferred
Overall purpose of the Job
- This role would be responsible for identifying and implementing mitigation practices and controls, ensuring an adequate application and infrastructure security posture is maintained at all times
- Web & Mobile Application Security Management
- Good at application threat modeling and applications risk identification & remediation
- Strong web application security experience with a thorough understanding of web application vulnerabilities
- Knowledge of database, application, and web server design and implementation
- Familiarity with security standards / frameworks and groups (OWASP, OSSTMM, WASC, FISMA)
- Experience in dynamic and static application vulnerability scanners like HP WebInspect, IBM AppScan, HP Fortify, etc.
- Create, implement & review data protection strategy across the organization.
- Experience in client handling including interaction with developers for understanding the mitigations
- Experience with mobility platforms like PhoneGap / native Android / Worklight and MDM / MAM
- Knowledge of DevOps and other upcoming technologies used in SDLC
- Experience in manual verification of false positives reported by automated tools
- Devise and enforce standards and best practices for data protection in line with international standards and industry best practices.
- Evaluate the adequacy of security measures including network security to protect organizational data and information assets
Project Management and Vendor Management
- Define and implement projects as per the approved plan of action.
- Identify security solutions as per business needs
- Manage POC for agreed and approved solutions as per defined process
- Conduct partner reviews
- Coordinate with vendors / partners on closure of projects / activities
- Manage intra and inter department conflict amicably
IT Risk Management and Process Assurance:
- Benchmark and compare security practices with the industry
- Implementation, operation and maintenance of the Information Security Management System based on standards like ISO/IEC 27001, COBIT, ITIL, etc., as applicable.
- Information security risk assessments and controls selection activities
- Track all audit schedules and ensure closure of all security gaps.
- Reporting of all critical security issues
- Co-ordinate for Risk Assessment of IT systems and Third Party workloads
- Facilitate Internal process and IT audits
Audit and Compliance:
- Software license compliance at all times
- Implement tools and processes related to compliance monitoring as per internal security policies and applicable laws and regulations
- Facilitate and drive initiatives of Internal Audits for Information Technology and update on Closure and Identified Risk to the Management
- Review of Third Party applications / systems and network security on a monthly basis
- Adherence To Change Management Processes
Personal Attributes - Honest and Self Disciplined:
- Display Business Integrity & Ethics
- Displays Leadership and team building skills
- Displays Logical thinking for problem evaluation and solving