Bangalore LOCALS only!
Role: Senior Manager of Information Security
Interview Mode: VCON and F2F Required (Managerial & HR)
As the Senior Manager of Information Security, you will be responsible for leading a team that keeps our enterprise-class cloud service secure from a variety of threats.
You will report to the Director of Information Security and will lead a small team of security engineers.
We are looking for a leader who is passionate about information security and work with the security team in creating a culture of security across the company.
You should be an effective communicator that works with all stakeholders – across various departments within the company as well as externally with customers, partners, and vendors.
You will work with security champions drawn from various Engineering teams and DevOps to design and implement mitigations for existing and imminent threats.
Manage a team of security engineers responsible for securing our cloud service
Assist in defining, designing and implementing systems and processes to secure our hybrid data-center and public cloud infrastructure
Engage in the software development lifecycle (SDLC) to ensure secure designs and coding practices
Manage internal and 3rd party app security, penetration testing and bug bounty programs
Work closely with Operations, IT, Support and Engineering teams to monitor and remediate security incidents
Work with Sales and Legal teams to interface with enterprise customers' security teams during pre-sales and post-sales engagements
Assist with of compliance audits in the company
Assist in creating a culture of security-conscious employees with programs and influence
Prior role as an Information Security Manager in an organization or a large department
Bachelor’s degree, with relevant on-the-job technical experience
12+ years of experience in IT, Operations or Software Engineering functions
6+ years’ experience in a security function at a cloud service or software company
The successful candidate will have a very good understanding of how to deliver products and services securely within a collaborative environment
Programming experience using high level programming languages and a scripting language
Good communication skills with the ability to work with a disparate set of stakeholders – engineers, sales, etc. inside a company and customers, vendors, partners outside a company
Active membership of Information Security user groups with security certification (CISSP, CEH, GWAPT, GPEN, OSCP, etc.) will be an added plus
Experience identifying information protection needs and defining system security requirements, architecture, designs, and standards
Prior experience helping an organization achieve and maintain compliance certifications such as SOC 2 or ISO 27001 will be a plus
Practical understanding of latest OWASP Top 10 and CERT advisories and prior experience implementing nimble remediation strategies
Experience managing engineers and/or vendors responsible for app security, penetration testing, and ethical hacking/bug bounty programs
Hands-on experience with tools from 3rd party vendors such as Rapid7, Qualys, Whitehat Security and/or open source tools such as Nessus, Metasploit, Burp Suite, Nmap, will be a plus
Knowledge of deploying applications in Cloud infrastructures such as AWS/Azure will be a plus
Ability to maintain a flexible work schedule to enable interactions across multiple time zones with remote teams is a plus