Posted By

Sonia Thakur

Senior HR Consultant at Talent Specialist

Last Login: 02 January 2019

1487

JOB VIEWS

29

APPLICATIONS

15

RECRUITER ACTIONS

Posted in

IT & Systems

Job Code

590223

Manager - Information Security & Application Security

7 - 10 Years, Mumbai
Posted 5 years ago

Job Specification Parameters Desired Minimum

Age 32+

Education - BE + MBA Preferably BE / B. Tech / Graduate

Years of Experience - 7+ years

Type of Experience

- With at least 9+ years of progressive experience in IT with 7 years dedicated exposure in Information Security

- Certification in CEH, ECSA, Lead Auditor, CISM/CISA.

- Demonstrate knowledge of information security standards and frameworks

- With at least 7 years of progressive experience in IT with 6 years dedicated exposure in Information Security

- Lead Auditor certification. CISM / CISA preferred

Overall purpose of the Job

This role would be responsible for identifying and implementing mitigation practices and controls, ensuring that an adequate application and infrastructure security posture is maintained at all times.

Key Performance Areas

Key Task & Activities Skills / Competencies required

Web & Mobile Application Security Management

- Good at application threat modeling and application risk identification & remediation

- Strong web application security experience with thorough understanding of web application vulnerabilities

- Knowledge of database, application, and web server design and implementation

- Familiarity with security standards / frameworks and groups (OWASP, OSSTMM, WASC, FISMA)

- Experience in dynamic and static application vulnerability scanners like HP WebInspect, IBM AppScan, HP Fortify, etc.

- Create, implement & review data protection strategy across the organization.

- Experience in client handling, including interaction with developers for understanding the mitigations

- Experience on mobility platforms like PhoneGap / native Android / Worklight and MDM / MAM

- Knowledge of DevOps and other upcoming technologies used in SDLC

- Experience in manual verification of false positives reported by automated tools

- Devise and enforce standards and best practices for data protection in line with international standards and industry best practices.

- Evaluate the adequacy of security measures including network security to protect organizational data and information assets

Project Management and Vendor Management

- Define and implement projects as per the approved plan of action.

- Identify security solutions as per business needs

- Manage POC for agreed and approved solutions as per defined process

- Conduct partner reviews

- Coordinate with vendors / partners on closure of projects / activities

- Manage intra and inter department conflict amicably

IT Risk management and Process assurance

- Benchmark and compare security practices with the industry

- Implementation, operation and maintenance of the Information Security Management System based on standards like ISO/IEC 27001, COBIT, ITIL, etc., as applicable.

- Information security risk assessments and controls selection activities

- Track all audit schedules and ensure closure of all security gaps.

- Reporting of all critical security issues

- Co-ordinate for Risk Assessment of IT systems and Third Party workloads

- Facilitate Internal process and IT audits

Audit and Compliance

- Software license compliance at all times

- Implement tools and processes related to compliance monitoring as per internal security policies and applicable laws and regulations

- Facilitate and drive initiatives of Internal Audits for Information Technology and update on Closure and Identified Risk to the Management

- Review of Third Party applications / systems and network security on a monthly basis

- Adherence to Change Management Processes

Personal Attributes

- Honest and Self Disciplined

- Display Business Integrity & Ethics

- Displays Leadership and team building skills

- Displays Logical thinking for problem evaluation and solving

Interested candidates can email their CV along with the following details:

Total Exp

Current Co-

Current CTC-

Expected CTC-

Notice period-

Reason for change-

Availability for interview -Yes/No
