Senior Manager - Information Security - BFS

We are looking for a candidate with strong experience into Information Security, Information Security Incident Events & Response, InfoSec Incident Tracking, Incident RCA & RCCA, Exploit Analysis, Vulnerability Management, Malware Analysis, Network and Web Security Log Analysis, SIEM Management, Cyber Threat Intelligence. Experience in Network & Information Security Mandatory

JOB RESPONSIBILITIES

Strategy

- Formulation of IT strategy

- Identifying gaps and then formulating action plans to close the gaps.

- Develop and manage information security budgets and monitor them for variances.

- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation as a brand.

- Monitor the external threat environment for emerging threats.

Governance & Implementation

- Develop, maintain and publish up-to-date information security policies, standards and guidelines.

- Implementation & monitoring of policies.

- Report information security incidents.

- Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.

- Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.

- Oversee information security audits, whether performed by organization or third-party personnel.

- Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.

- Implement projects as per roadmaps

- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action

Operations

- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.

- Day to day monitoring of IT Processes/IT Infrastructure from information security perspective.

- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans.

- Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement.

- Manage security incidents and events to protect corporate IT assets.

- Supervise change management process from Information Security perspective

- Manage & supervise vendors based on SLA's defined

Technology

- End to End knowledge on Security Incident Alerts & Management.

- Comprehensive knowledge on MS Server environment, Linux Security, Operations (Endpoint Security, Data Leakage Prevention, Endpoint Encryption, SIEM, IDS/IPS, Firewalls, Proxy ,WAF CASB and CCM

- Comprehensive knowledge on multiple technologies amongst Firewall / PIM PAM / ENDPOINT / DLP / EDR / ENCRYPTION / DNS Security / WAF/Proxy / Server Security / IPS / Email Security / SIEM / Deep Security Multi Factor Authentication , Antivirus, Patching.

- Strong understanding in analyzing network event logs, web filter activity, Antivirus, Antimalware, DLP, Syslog's, IPS, and firewall logs.

- Strong understanding and hands-on experience on Cloud Security, Network Security -Anomaly Detection Systems, Firewalls, Routers, Switches, LDAP, AD Servers etc.

- Experience in Network

- People Management Experience.

- Ready to take ownership on the key deliverables with minimal handholding and drive independently.

- Knowledge of ISO 27001, 22301

KEY PERFORMANCE INDICATORS

QUALITATIVE

- In Build knowledge of IT security

- Adherence to processes

QUANTITATIVE

- Conduct Information Security Audit

- Minimise Information Security Incidents

- Information Security Project Implementation

- Regular reviews