Job Specification (Desired / Minimum)

Age
- 32+

Education
- Desired: BE + MBA (preferably)
- Minimum: BE / B. Tech / Graduate

Years of Experience
- 7+ years

Type of Experience
- Desired: at least 9+ years of progressive experience in IT, with 7 years of dedicated exposure in Information Security; certification in CEH, ECSA, Lead Auditor, CISM/CISA; demonstrated knowledge of information security standards and frameworks
- Minimum: at least 7 years of progressive experience in IT, with 6 years of dedicated exposure in Information Security; Lead Auditor certification; CISM / CISA preferred
Overall purpose of the Job
This role is responsible for identifying and implementing mitigation practices and controls, ensuring that an adequate application and infrastructure security posture is maintained at all times.
Key Performance Areas
Key Tasks & Activities / Skills & Competencies required
Web & Mobile Application Security Management
- Good at application threat modeling and applications risk identification & remediation
- Strong web application security experience with thorough understanding of web application vulnerabilities
- Knowledge of database, application, and web server design and implementation
- Familiarity with security standards / frameworks and groups (OWASP, OSSTMM, WASC, FISMA)
- Experience with dynamic and static application vulnerability scanners such as HP WebInspect, IBM AppScan, HP Fortify, etc.
- Create, implement & review data protection strategy across the organization.
- Experience in client handling including interaction with developers for understanding the mitigations
- Experience with mobility platforms such as PhoneGap / native Android / Worklight, and with MDM / MAM
- Knowledge of DevOps and other upcoming technologies used in SDLC
- Experience in manual verification of false positives reported by automated tools
- Devise and enforce standards and best practices for data protection in line with international standards and industry best practices.
- Evaluate the adequacy of security measures including network security to protect organizational data and information assets
Project Management and Vendor Management
- Define and implement project as per approved Plan of action.
- Identify security solutions as per business needs
- Manage POC for agreed and approved solutions as per defined process
- Conduct partner reviews
- Coordinate with vendors / partners on closure of projects / activities
- Manage intra and inter department conflict amicably
IT Risk management and Process assurance
- Benchmark and compare security practices with the industry
- Implementation, operation and maintenance of the Information Security Management System based on standards such as ISO/IEC 27001, COBIT, ITIL, etc., as applicable
- Information security risk assessments and controls selection activities
- Track all audit schedules and ensure closure of all security gaps.
- Reporting of all critical security issues
- Coordinate risk assessment of IT systems and third-party workloads
- Facilitate Internal process and IT audits
Audit and Compliance
- Software license compliance at all times
- Implement tools and processes related to compliance monitoring as per internal security policies and applicable laws and regulations
- Facilitate and drive Internal Audit initiatives for Information Technology and update Management on closure and identified risks
- Review of third-party applications / systems and network security on a monthly basis
- Adherence to Change Management processes
Personal Attributes
- Honest and Self Disciplined
- Display Business Integrity & Ethics
- Displays Leadership and team building skills
- Displays Logical thinking for problem evaluation and solving
Interested candidates can email their CV along with the following details:
Total Exp
Current Co-
Current CTC-
Expected CTC-
Notice period-
Reason for change-
Availability for interview -Yes/No