ROLES & RESPONSIBILITIES:
Work as security advisor, establish priorities and implement effective risk management of exposures.
Report to executive management on the effectiveness of the Information Security Program, including policy violations, security risks, progress of all security-related remedial actions and metrics.
Develop, maintain and communicate policies to direct security functions relative to information technology systems, networks, applications, and voice and data communications that are consistent with applicable regulatory and compliance requirements.
Provide strategic and tactical security guidance for all IT projects, including the evaluation of the enterprise architecture, hardware, software and technical controls.
Measure risk quantitatively and qualitatively.
Assist the authority in selecting the best risk solution portfolio.
Oversee the classification of assets, measure the potential cost of risk and recommend appropriate security strategies.
Define and perform qualitative analysis or scenario modelling.
Recommend a security risk portfolio strategy and perform security management.
Oversee the development and implementation of an Information Security training program to ensure that staff are knowledgeable of Information Security policies, practices and relevant guidance appropriate to their role.
Ensure that periodic tests and evaluations of Information Security controls and techniques are performed to assure compliance with policies. Coordinate the use of external resources involved in the performance of security testing, e.g. penetration tests and vulnerability scans.
Oversee incident response planning as well as ensure investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
Provide the foundation for the security culture and awareness. Ensure the development and implementation of activities to foster Information Security awareness within the UIDAI and related entities.
BE/B Tech/BS in Computer Science/Engineering; Auditor-Implementer and/or related GIAC certifications
Functional experience: Total experience should be at least 15 years out of which 7-9+ years of experience architecting information security solutions, creating security strategy, security programs and managing information security management systems.
ISO 27001 implementer/auditor
Preferred certification-CISSP and/or CISA/CISM, and/or PMP and/or BS Lead
REQUIRED SKILL SETS & COMPETENCIES:
Minimum of 7-9 years of experience in architecting information security solutions, creating security strategy, security programs and managing information security management systems.
Experience in delivering large projects with multi-skilled and multi-location teams.
Experience in managing projects and ensuring quality deliverables for large clients.
Experience in working with various IS risk management models and ability to perform IS risk modelling, its implementation and management.
Minimum of 2 full lifecycle implementations of ISMS/GRC programs in a complex, multi-location environment.
Capability of interacting with C-level executives and working with them to get their buy-in on various information security initiatives.
Experience in conducting user awareness training and specialised training for IS teams.
Experience in understanding clients' business environments and proposing fit-for-purpose information security solutions.
Experience of working in different industry verticals.
Knowledge and ability to recommend appropriate technical security solutions for advanced DLP, DRM, cloud, encryption, virtualization and privacy risks.
Knowledge and implementation/consulting experience in managing risk and compliance requirements such as PCI DSS, Privacy and SAS70.
Knowledge of IT GRC tools such as Archer, Modulo etc. is highly preferred.
Ability to understand client security requirements and conceptualize/design security controls to ensure the cost of protection is commensurate with the value at risk.