Manager - Information Security - IT Infra & Application Security

- Manager Information Security IT Infra & Application Security

- To manage Information Security related to DesktopReday infrastructure & applications

- To conduct Internal Audits

- To carry out vulnerability assessments and identify systemic security issues based on the analysis of vulnerability report

- To apply information security and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

- Knowledge of Application Security

- Knowledge of Application Security Risks (e.g., Open Web Application Security Project (OWASP) Top 10 list)

- Knowledge of secure coding guidelines

- Knowledge of infrastructure security, cyber security, privacy principles and security frameworks (e.g., ISO 27001, ISO 27017, ISO 27018, OWASP, GDPR, PCI, HIPPA, SOX, etc.) relevant to confidentiality, integrity, availability, authentication, non-repudiation

- Knowledge of vulnerability assessment and penetration testing principles, tools, and techniques.

- Knowledge of ethical hacking principles and techniques

- Knowledge of computer networking concepts and protocols, and network security methodologies.

- Network protocols such as TCP/IP, Dynamic Host Configuration (DHCP), Domain Name System (DNS), and directory services.

- Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defence-in-depth).

- Knowledge of system administration concepts for operating systems (such as but not limited to Windows and Unix/Linux operating systems) and operating system hardening techniques.

- Knowledge of data backup and recovery concepts

- Knowledge of cyber threats and vulnerabilities

- Knowledge of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).

- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Skill in managing Security framework of the organization which includes following :

- Creating & updating Policies, Procedures and Guidelines

- Skills related to application security, secure coding guidelines etc

- Skill in the use of vulnerability assessment and penetration testing tools (like Nessus, Qualys etc)

- Ensure periodic activities, reviews, audits are carried out and track action items with various service teams

- Prepare & publish regular governance reports and Management Reports

- Skills in identifying positive and false-positive detections

- Skill in reviewing logs to identify evidence of past intrusions.

- Skill in performing impact/risk assessments.

- Skill to understand the context of an organization's threat environment vis-a-vi vulnerabilities detected

- Review & analyse various security requirement and advise on implementation

- Be a Change Approver for Cloud Security requirement

- Prepare & Publish Security Advisory Notes, InfoSec Awareness mailers etc.

- Develop and maintain documents (policies, procedures, templates), records, templates related to Information Security, Personal Data Protection, Application Security

- Periodic review of policies, procedures, templates

- Promoting awareness related to Information Security, Personal Data Protection, Application Security

- Communicate Policies, Procedures, Templates to stakeholders

- Review security requirements of various RFP and customer contracts and provide appropriate response to it

- Ensure security requirements from various RFP and customer contracts are implemented and monitored periodically

- Preparing Audit Schedules / Plan, Conduct Internal Audits periodically, Publish Report and track till closure

- Initiate necessary corrective and preventive action

- Periodically Measure & Monitor KPI related to Information Security, Personal Data Protection, Application Security

- Prepare Management Review Meeting Reports, Plan; Schedule and conduct periodic Management Review Meetings

- Coordinating with Certifying Body

- Representing the management during various external audits (certification & surveillance audits, client audits etc)

- Ensuring the compliance parameters meets the requirement

- Reporting to the top management on the performance, opportunities for improvement, issues, non-conformities, Audit reports etc. related to Cloud Security

- Very Good English communication (Speak, Read, Write)

- Report Writing

- Analytical & problem-solving skills

- Ability to work on Microsoft Excel, Word, and PowerPoint

- Good presentation skills

- Willingness to Continually Learn

- Team Player & People Management

- Certified Web Application Security Professional (CWASP)

- Certified Application Penetration Tester (CAST)

- Certified Application Security Engineer (CASE)

- ISO-27001 Lead Implementor / Auditor

- Any Graduate in Information Technology

- 3 to 4 years of experience in managing Infrastructure and Application Security