1. Key Roles & Responsibilities:
Shall be primarily involved in overseeing information security risks emanating from IT servers, perimeter, networks & end-points in steady-state across the enterprise covering all the business verticals, campuses & offices.
Prepare an annual assessment calendar and ensure adherence. Frequency shall be based on criticality of asset; wherein criticality is derived from the risk assessment exercise.
Ensure all reviews, assessments and audits are conducted in a formal and ethical manner.
On an annual basis, or whenever there is a major change in the ecosystem, perform risk assessments, threat modelling and testing based on industry standard frameworks like ISO 31000.
On a quarterly basis:
  - Report violations of set processes and protocols by conducting periodic audits.
  - Carry out gap analysis of the current state of IT security by proactively conducting Vulnerability Assessment and Penetration Testing (VAPT) for networks, systems, end-points and applications.
On a monthly basis, prepare a management dashboard of outstanding risk exposures and the implementation status of the various mitigation initiatives, together with the stakeholders.
On a weekly basis, recognize problems by identifying abnormalities and vulnerabilities in the network by analyzing system reports and exceptions.
Provide monthly update on new threats and mitigation strategies through industry studies and market intelligence.
As a proof of concept, conduct dipstick audits to demonstrate exploitable vulnerabilities across the enterprise and suggest a mitigation strategy.
Provide incident-based response handling and mitigation strategy.
Assess and recommend controls based on industry standard frameworks including National Institute of Standards & Technology (NIST), Open Web Application Security Project (OWASP), ISO 27001:2013, Control Objectives for Information and Related Technology (COBIT), Information Technology Infrastructure Library (ITIL), etc.
Keep abreast of the latest technology solutions and evaluate options to upgrade the technology solutions currently in use.
Contribute to knowledge development and ongoing enhancements as part of the Business Transformation (BT) initiative.
2. Experience & Qualifications:
5 to 8 years of enterprise level experience with an IT security background; minimum 5 years dealing specifically with risk management related to IT infrastructure and information security.
Graduate in IT / Computer Science.
Security certifications (at least one): Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).
3. Skills & Competencies:
Must have good understanding of IT infrastructure architecture.
Should have conducted reviews of IT controls and information security audits.
Must have exposure to application security.
Should have an understanding of a range of programming languages and application technologies.
Should have understanding of local regulatory and statutory requirements.
Proven leader who creates energy, exhibits integrity, leads change, creates a vision, inspires people to achieve goals, and delivers results.
Ability to develop, promote and clearly communicate a concept and vision.
Excellent interpersonal skills (listening and communication) characterized by effective interactions with a diverse range of internal and external constituents, stakeholders and audiences.
Strong influencing and conflict resolution skills especially with senior management.
Proven ability to manage and mentor team members, lead and influence cross-functional working groups, manage project teams and achieve results.
Ability to develop knowledge objects, tools and intellectual capital to support the internal engagement assignments.
Job Location: Ghansoli, Navi Mumbai