Graduate degree and/or MBA, or other equivalent qualification.
5-7 years experience in Information Security.
Desirable Certifications: CEH, CISSP
Strong conceptual knowledge of security including application security.
Knowledge of network security, network architecture, infrastructure security.
Experience in managing security devices such as firewall, Intrusion Prevention/Detection systems (IPS/IDS).
Exposure to Data Security framework and solutions used for enforcing data security such as Date Leakage Prevention (DLP),Digital Rights Management (DRM) , Database Activity Monitoring (DAM) etc.
Knowledge of common attacks and risk scenarios which impact various IT components such as Operating System, Database, Network, application etc.
Must possess excellent vendor management skills, and proven ability to communicate Risk status by means of ongoing reporting, tracking, monitoring etc.
Experience in managing strategic outsourcing projects especially in the information security domain.
Experience in maturing various operational processes to increase their efficiency and effectiveness.
Understanding of technical risks and experience in overseeing assessments such as Vulnerability Assessment (VA) /Penetration Testing /App Sec/Security Architecture review etc.
Knowledge of Advanced Persistent threats (APT), Anomaly Detection systems, Security Information Event Management (SIEM), Log management solutions
Knowledge of Identity & Access Management, Privileged identity and access management etc.
Sound understanding of integration of devices with SIEM
Sound knowledge of use case development and deployment in SIEM.
Sound understanding of Data, Application security and secure SDLC framework
Excellent communication and presentation skills
Well-developed impact and influence skills
Strong vendor management skills
Responsible for providing information security inputs to various initiatives including infrastructure, application development etc.
Candidate should be a subject matter expert on Information security/IT Risk.
Attend Development Change Management Board where changes has to assess from Security Risk point of view and then align team to initiate Assessment of change.
Help Operation team in upgrading security tools.
Evaluate security operations effectiveness and create a plan to increase maturity.
Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.