Head of Information Security
Location - Hyderabad (WFO)
Experience - 15 to 20 years
Job Description:
- The Head of Information Security is a critical member of the CEO's leadership team. This role must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting.
- This leadership role requires an individual with a strong technical background, as well as an ability to work with the IT organization and business management to align priorities and plans with key business objectives. A key imperative of this role is to strike a balance of real-world risks with business drivers such as speed, agility, flexibility and performance.
Responsibilities:
The job role is composed of following set of activities:
Strategic:
- Work with the CEO and other stakeholders to develop a security program and security projects that address identified risks and business security requirements.
- Define metrics and reporting strategies that effectively communicate successes and progress of the security program.
- Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as provide a realistic overview of risks and threats in the enterprise environment.
- Evaluate and establish a Security Operations Center (SOC) as appropriate, and plan for it to deliver sustained value to the organization.
- Develop budget projections based on short- and long-term goals and objectives.
- Monitor and report on compliance with security policies, as well as the enforcement of policies within the departments.
- Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Establish and help sustain information security governance to improve the Information Security posture of the organization.
- Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.
Security Liaison:
- Assist business owners and IT staff in understanding and responding to security audit failures reported by auditors.
- Provide security communication, awareness and training for audiences across the organization.
- Work as a liaison with vendors and the internal departments to establish appropriate contracts and service-level agreements.
- Manage production issues and incidents, and participate in problem and change management forums.
- Provide support and guidance for legal and regulatory compliance efforts, including audit support.
Architecture/Engineering Support:
- Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Work within the Digital Transformation team and the business functions to ensure that there is a convergence of business, technical and security requirements.
- Implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
Operational Support:
- Coordinate, measure and report on the technical aspects of security management.
- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
- Manage and coordinate operational components of incident management, including detection, response and reporting.
- Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
- Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.
- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and follow policies and audit requirements.
- Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
Initial Envisaged Roadmap for the Leader:
- Streamline the Information Security related processes in the organization and improve its Information Security posture:
- The leader will be expected to set up a 24x7 Security Operations Center (SOC) to bring in best-in-class infrastructure and solutions to assess vulnerabilities and prevent, detect, protect against and predict any potential cyber threats.
- Create focus on Risk Management, Business Continuity Planning, and Scenario Planning and Analysis.
- Have an Enterprise Risk Management strategy formulated and implemented.
- Build the right skills for risk analysis and mitigation, and cyber-security testing.
The individual must have the following:
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x.
- Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- An understanding of operating system internals and network protocols.
- Familiarity with the principles of cryptography and cryptanalysis.
- Experience in application technology security testing (white box, black box, code review, Simian Testing, etc.).
- Experience in system technology security testing (vulnerability scanning and penetration testing).