Job Details
Experience Needed:
Career Level:
Education Level:
Salary:
Job Categories:
Skills And Tools:
Job Description
- Leadership & Executive Engagement: Define Information Security Officer’s (ISO) charter &
define focus areas for comprising of SOPs, policy, process and technology controls that would
act as foundation for taking risk-based decisions on design, tool and spends both within &
beyond cyber security. - Engage with executive / technology leaders through a KPI driven approach with a mix of
technology & commercial purposes. - Product Security: Evolve culture of security in decision making. Work with technology vendors
for appropriate security product evaluation for network, application and end user security. - Ensure secure development and ability to adopt automation & developer empathy as its core
constructs for secure development. - Platform Security: Work in synergy with infra / product engineering teams in defining baseline
security configuration, build continuous visibility for detecting misconfigurations/
vulnerabilities and mature remediation practices. - Threat & Vulnerability Management: Detect, triage and operate remediation operations for
misconfigurations/vulnerabilities across product, platform & identity plane as per defined
SLA. - Security Operations: Set the foundation for creating incident response operations to guard
against security breaches through a mix of inhouse operations & managed services model. - GRC: Operate and evolve lean GRC (governance, risk, compliance) structure with regular
cadence with executive leadership & technology leaders. - Compliance: Ensure compliance against relevant and applicable laws, regulations, leading
standards such as ISO 27001, NIST etc. - Data Privacy: Ensure compliance towards relevant and applicable data privacy laws, conduct data protection impact assessment, drive data privacy initiatives within the organization,
provide direction to the relevant teams as well as periodically submit reports to the senior
management. - Control Effectiveness & Audit Readiness: Owning success of technology controls, create an
internal mechanism of audit readiness, demonstrating compliance to external auditors /
customers and own all related escalations. - Business Engagement: Collaborate actively with business / product teams to unblock business
imperatives related to cyber security. - Build strong relations with external service providers.
Job Requirements
- High Degree of Computer Engineering or similar background Degree
- 10+ years of experience in a similar role Experience
- 8 to 15 years with mix of Technology Risk, Security operations, Security engineering, Compliance and Data Privacy
- 2+ years of management experience with direct engagement with executive leadership
- Experience in setting or operating incident response functions involving internal / partner teams.
- Knowledge of Risk Management practices including NIST, CIS, Cloud Controls and security frameworks like OWASP, CVSS, MITRE
- Proficient technical & business communication skills.
- Industry certifications e.g., CISSP, CCSP, CCSK, CISA, CISM etc.
- Knowledge in emerging technologies and risk
Skills
- Security
- Microsoft
- Networks
