Max Life Insurance - Chief Manager - Cloud & Cyber Security

Cloud and Cyber Security - Chief Manager

Job Summary - IT Security (Security Domain) :

- The person will provide leadership, coordination, and operational management of the Cloud and Security framework.

- Person will play a critical role and lead towards developing & implementation of security strategy, working with InfoSec team, and providing expert guidance on building new and managing existing security controls across on prim and Cloud Env.

- Person must be having at least 8-10 years of experience in managing infrastructure, Cloud and Cyber security for large enterprise preferably in BFSI sector.

- This position is operationally responsible for ensuring the availability, integrity, and security for all IT systems across on prim & Cloud Env.

- Partnering with the Lead for Business Applications and Enterprise Risk Management, this position will lead the Cloud & Cyber Security domain.

Key Responsibilities :

- Serve as a SME on cloud cyber risk for leading cloud platforms AWS, Azure/ office 365.

- Design and develop cloud platform-specific security policies, standards, and procedures for management group and account/subscription management and configuration e.g., azure policy, azure security center, AWS config, identity management and access control, firewall management, auditing and monitoring, security incident and event management, data protection, user and administrator account management, SSO, conditional access controls and password/secrets management.

- Develop and lead cyber risk Initiative as part of cloud transformation projects on AWS\Azure cloud services.

- Educate technology stakeholders on value propositions of cloud and participate in deep architectural discussions to ensure no security gaps in solutions

- Coordinate enhancements and deployment efforts and provide insight and recommendations for implementing cloud security solutions.

- Lead cloud security assessments as per Internal, IRDAI and industry standard frameworks.

- Develop strategic and tactical security remediation recommendations / cyber risk roadmap to address identified security gaps.

- Lead cybersecurity controls testing across on prim & Cloud Env to determine control effectiveness and adherence to both internal cybersecurity policies and external requirements e.g., certifications, laws, regulations and contracts.

- Improve agility and resilience of cloud environments identifying opportunities to reduce it operations through automation.

- Perform audit and security compliance checks, including vulnerability scans and closure, configuration reviews and network traffic analysis

- Perform security risk assessments that support business requirements, and recommend mitigations and countermeasures to address risks, vulnerabilities and threats

- Develop patch management process across on prim and Cloud infrastructure and services, continuous monitoring of patch compliance

- Design & Support cyber-security training and awareness within the region to increase staff security awareness

- Assess operational and implementation costs and evaluate them against the potential business impact if the policies and controls are not implemented.

- Assess the effectiveness of the measures against security risk management plan.

- Develop IT security policy and operational procedures based on Information security and IRDAI guidelines.

- Develop a documented action plan containing policies, practices and procedures that mitigate the identified risks.

- Document information related to IT security attacks, threats, risks and controls.

- Evaluate effectiveness of current incident response plan against industry good practices.

- Evaluate response plans periodically to ensure relevance.

- Perform comparative analysis of security service performance level parameters against security information sources.

- Responsible for the IT Teams success in security incident monitoring, identification, assessment, quantification, reporting, communication, and mitigation efforts.

- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action

- Help with DR planning and BCP framework implementation. Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals.

- Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas

- Revise and develop processes to strengthen the current Security Operations

- Framework, review policies and highlight challenges as needed with key stakeholders.

- Keep abreast of latest security and privacy legislation, regulations, adversaries, alerts, and vulnerabilities.

- Work closely with ERM and internal assurance team to close identified vulnerabilities across on prim & Cloud Env

- Responsible for delivery of 24-7-365 Security operations and agreed KPI compliance.

- Manage IT Security CAPEX and expense budgets as per Management direction.

Preferred Skill Set :

- Must have 3 plus years of hands-on technical experience with at least AWS & Azure cloud platform in security or infrastructure implementation and operations.

- Must have 7 plus years of working experience with security domain with depth of knowledge with multiple security technologies such as firewalls, intrusion detection/prevention systems, vulnerability scanning, WAF/ END POINT / DLP / EDR / ENCRYTION / WAF/Proxy / CASB / Server Security / IPS / Email Security / VAPT / SIEM, cloud security gateways, secure proxies, ssl crypto solutions, and automation.

- Must have 3 plus years of exp in developing and Implementing Cyber security controls & Infrastructure Vulnerability Management.

- Experience with data protection, cryptography, key management, identity and access management iam , SOAR integration and MISP Threat Intelligence sharing platform and network security vpns within cloud environments.

- Good understanding of industry regulatory and compliance requirements i.e., IRDAI, ISO, pci-dss and skilled at interpreting the compliance and security requirements into implementable and repeatable controls.

- Experience in the creation and maintenance of security policies and procedures, managing the protection of information systems and assets.

- Examining malicious software, suspicious network activities, and non-authorized presence in the network to analyze the nature of the threat, and secure and monitor firewall change management.

- Knowledge of Threat intelligence platforms for integrated security operations centers.

- Knowledge of cyber security threats, vulnerabilities, hacking and exploit methods, threat vectors in the areas of ransomware, malware and targeted cyber phishing.

- Strong analytical and organizational skills, including the ability to prioritize, multitask and work under pressure while maintaining a professional demeanor.

- Must have good people skills and the ability to interact and communicate effectively across all levels of the organization

- Must be a champion for pushing IT standards, procedures, policies, and best practices to the organization through the IT infrastructure team. Proactive team player.

- Must be very proactive in understanding and staying up to date with industry technology trends and applicability to the organization

- Excellent oral, written and spoken communication skills

- Must have sound knowledge of data analysis and presentation skills.

- Ability to work flexible and stretch hours

- Domain knowledge of IT SOC, Cloud and Cyber security for financial services industry will be an added advantage

- Must be flexible to quickly adapt to changing business needs and processes