Manager-Information Security
Who We Are:
FarEye is a low-code, Intelligent Delivery Management Platform, that makes the delivery experience better for everyone. Our low code/ no-code SaaS platform helps shippers and carriers to do deliveries at reduced cost and high customer experience. With 20+ Gartner mentions, FarEye is empowering more than 150 enterprises across 30 plus countries to win in this customer-centric era with exceptional delivery experience and efficient operations.
- Forbes; FarEye is on track to be a Unicorn in 2022.
- Great Place to Work; 3 years in a row.
- Deloitte; Amongst Top 25 companies based on our revenue growth (for 4 consecutive years).
Position Overview:- As an IT Security & Risk Lead/Manager, you will be responsible for protecting IT infrastructure (including networks, hardware and software) from a range of security threats, ensuring the organization is compliant with latest standards, our products are secure and data safe.
- The focus areas will be ISMS, IAM, GDPR, SOC and anything related to privacy and information security which can impact the organization adversely.
Responsibilities:- You will perform the following activities in this role:
- Keep up to date with the latest security and technology developments
- Research/evaluate emerging IT security threats, ways to manage them and communicate with internal and external stakeholders about the same proactively
- Plan for disaster recovery scenarios and create contingency plans in the event of any security breaches
- Monitor for attacks, intrusions and unusual, unauthorized or illegal activity
- Evaluate external products the organization is procuring for security vulnerabilities
- Design new security systems or upgrade existing ones in the workplace
- Engage in 'ethical hacking', for example, simulating security breaches and identify potential weaknesses and implement measures, such as firewalls and encryption
- Investigate security alerts and provide incident response
- Liaise with stakeholders in relation to IT security issues and provide future recommendations
- Maintain an information security risk register and assist with internal and external audits relating to information security
- Assist with the creation, maintenance and delivery of IT security awareness training for colleagues
- Monitor and respond to 'phishing' emails and 'pharming' activity and give advice and guidance to staff on issues such as spam and unwanted or malicious emails
- Product Security; Work with developers and architects to ensure security is appropriately built into the software development cycle and DevOps pipeline
- Product Security; Ensure appropriate internal testing of applications prior to deployment, either driven by self or via a external vendor
Functional Areas:- Your work will be split in the following areas:
- Consulting; Offering advisory services to clients and internal leaders
- Sales Enablement; Collaborate with our Sales Team to create collaterals which help us win!
- Strategy; To keep our organization ahead of potential threats. Create vision document and execute it with our Engineering team
- Security Operations; Working to protect the security of the organization on a daily basis by observing, evaluating threats and taking necessary actions which mitigate any risk
Span of control:You will interact with/influence the following stakeholders within and outside FarEye:
- Existing and Prospective customers
- FarEye Senior Leadership Team/Executive Leadership Team
- FarEye Internal teams
- FarEye Engineering & Product Leaders and Managers
- Vendors (Compliance/Audits)
Educational Requirements:- Bachelor's or Master's Degree in Engineering in CS, IT or related field. Preference to individuals with relevant degrees or certifications in the field of IT Security
- 8 to 12 years of progressive IT solutions, compliance, regulatory experience and roles of increasing responsibility
- Demonstrated success in a leadership role in IT Security space, with at least 3 years in a managerial role or above
Techno-Functional Requirements:- Expertise in IT development, integration, delivery, and maintenance
- Hands on knowledge of Penetration/Hardening preferred
- Hands on knowledge of Cloud Security preferred
- Ability to create a team around himself/herself
- Ability to create organization strategy
- Ability to interact and influence existing and prospective customers
- Understanding of security requirements for Sarbanes-Oxley, ISO Certifications, Data Privacy laws, and PCI. Cyber security, including strategy creation
- Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies
- Extensive interpersonal skills with the ability to work effectively with end-users, IT peers, managers and vendors
- Excellent written, verbal communication and presentation skills.
- Ability to effectively adapt to rapidly changing technology and apply it to business need