Interact and co-ordinate with vendors
Track security related aspects
ROLES & RESPONSIBILITIES:
Help UIDAI on implementation of Security policies and ensure defined procedures are followed.
Interact and co-ordinate with service providers
To assist CISO-UIDAI in implementing organisation security framework effectively
To assist in conducting all preparatory work for ISP Certification including Internal ISMS Audits.
Report to CISO on the effectiveness of the Information Security Program, including policy violations, security risks, progress of all security-related remedial actions and metrics
Assist in development, maintenance and communication of policies to direct security functions relative to information technology systems, networks, applications, and voice and data communications that are consistent with applicable regulatory and compliance requirements.
Perform measurement of quantitative and qualitative risks and further analysis
Assist in classification of assets, measure potential cost of risk, and recommend appropriate security strategies
Provide feedback to CISO on security risk portfolio strategy
Assist CISO in performing security management
Oversee the implementation of the Information Security training program to assure knowledge of Information Security policies, practices and relevant guidance appropriate to their role
Periodically test and evaluate Information Security controls and techniques to assure compliance with policies. Coordinate the use of external resources involved in the performance of security testing, i.e. penetration tests, vulnerability scans.
Oversee incident response procedure as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
Help in creation of security culture and awareness. Oversee the development and implementation of activities to foster Information Security awareness within the UIDAI and related entities.
BE/B Tech/MCA/MSc(IT) OR CS Electronic
Functional experience: Total experience should be at least 8 years out of which 5 years of experience in working with information security solutions.
ISO 27001 implementer/auditor
Preferred certification: CISSP/CISA/CISM (minimum one certification is a must)
REQUIRED SKILL SETS & COMPETENCIES:
Minimum of 5 years of experience in information security management systems.
Experience in implementing information security solutions
Experience in Security projects and ensuring quality deliverables for large clients.
Experience in conducting user awareness trainings and specialised trainings for the IS teams.
Experience of working in different industry verticals.
Knowledge and ability to review and propose appropriate technical security solutions for advanced DLP, DRM, cloud, encryption, virtualization, privacy risks.
Knowledge of IT GRC tools such as Archer is highly preferred.
Ability to understand client security requirements and conceptualize/design security controls to ensure the cost of protection is commensurate with the value at risk