Manager- Cyber Security

Key Responsibilities :

- Serve as a SME on cloud cyber risk for leading cloud platforms AWS, Azure/ office 365.

- Design and develop cloud platform-specific security policies, standards, and procedures for management group and account/subscription management and configuration e.g. azure policy, azure security center, aws config, identity management and access control, firewall management, auditing and monitoring, security incident and event management, data protection, user and administrator account management, sso, conditional access controls and password/secrets management.

- Develop and lead cyber risk Initiative as part of cloud transformation projects on AWS\Azure cloud services.

- Educate technology stakeholders on value propositions of cloud and participate in deep architectural discussions to ensure no security gaps in solutions

- Coordinate enhancements and deployment efforts and provide insight and recommendations for implementing cloud security solutions.

- Lead cloud security assessments as per Internal, IRDAI and industry standard frameworks.

- Develop strategic and tactical security remediation recommendations / cyber risk roadmap to address identified security gaps.

- Lead cybersecurity controls testing across Onprim & Cloud Env to determine control effectiveness and adherence to both internal cybersecurity policies and external requirements e.g. certifications, laws, regulations and contracts.

- Improve agility and resilience of cloud environments identifying opportunities to reduce it operations through automation.

- Perform audit and security compliance checks, including vulnerability scans and closure, configuration reviews and network traffic analysis

- Perform security risk assessments that support business requirements, and recommend mitigations and countermeasures to address risks, vulnerabilities and threats

- Develop patch management process across Onprim and Cloud infrastructure and services, continuous monitoring of patch compliance

- Design & Support cyber-security training and awareness within the region to increase staff security awareness

- Assess operational and implementation costs and evaluate them against the potential business impact if the policies and controls are not implemented.

- Assess the effectiveness of the measures against security risk management plan.

- Develop IT security policy and operational procedures based on Information security and IRDAI guidelines.

- Develop a documented action plan containing policies, practices and procedures that mitigate the identified risks.

- Document information related to IT security attacks, threats, risks and controls.

- Evaluate effectiveness of current incident response plan against industry good practices.

- Evaluate response plans periodically to ensure relevance.

- Perform comparative analysis of security service performance level parameters against security information sources.

- Responsible for the IT team's success in security incident monitoring, identification, assessment, quantification, reporting, communication, and mitigation efforts.

- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action

- Help with DR planning and BCP framework implementation. Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas

- Revise and develop processes to strengthen the current Security Operations Framework, review policies and highlight challenges as needed with key stakeholders.

- Keep abreast of latest security and privacy legislation, regulations, adversaries, alerts, and vulnerabilities.

- Work closely with ERM and internal assurance team to close identified vulnerabilities across On prim & Cloud Env

- Responsible for delivery of 24-7-365 Security operations and agreed KPI compliance.

- Manage IT Security CAPEX and expense budgets as per Management direction.

This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.