Posted By

HR

HR Manager at Yo HR Consultancy

Last Login: 22 November 2024

Job Views: 419
Applications: 76
Recruiter Actions: 1

Posted in

IT & Systems

Job Code

1214243

Head of Information Security

Location - Hyderabad (WFO)

Experience - 15 to 20 years

Job Description:

- The Head of Information Security is a critical member of the CEO's leadership team. This role must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting.

- This leadership role requires an individual with a strong technical background, as well as an ability to work with the IT organization and business management to align priorities and plans with key business objectives. A key imperative of this role is to strike a balance between real-world risks and business drivers such as speed, agility, flexibility and performance.

Responsibilities:

The job role is composed of the following set of activities:

Strategic:

- Work with the CEO and other stakeholders to develop a security program and security projects that address identified risks and business security requirements.

- Define metrics and reporting strategies that effectively communicate successes and progress of the security program.

- Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as provide a realistic overview of risks and threats in the enterprise environment.

- Evaluate and establish a Security Operations Center (SOC) as appropriate and plan for it to deliver sustained value to the organization.

- Develop budget projections based on short- and long-term goals and objectives.

- Monitor and report on compliance with security policies, as well as the enforcement of policies within the departments.

- Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.

- Establish and help sustain information security governance to improve the Information Security posture of the organization.

- Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.

Security Liaison:

- Assist business owners and IT staff in understanding and responding to security audit failures reported by auditors.

- Provide security communication, awareness and training for audiences across the organization.

- Work as a liaison with vendors and the internal departments to establish appropriate contracts and service-level agreements.

- Manage production issues and incidents, and participate in problem and change management forums.

- Provide support and guidance for legal and regulatory compliance efforts, including audit support.

Architecture/Engineering Support:

- Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.

- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.

- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.

- Work within the Digital Transformation team and the business functions to ensure that there is a convergence of business, technical and security requirements.

- Implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.

Operational Support:

- Coordinate, measure and report on the technical aspects of security management.

- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.

- Manage and coordinate operational components of incident management, including detection, response and reporting.

- Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.

- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.

- Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.

- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and follow policies and audit requirements.

- Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.

Initial Envisaged Roadmap for the leader:

- Streamline the Information Security related processes in the organization and improve its Information Security posture:

- The leader will be expected to set up a 24x7 Security Operations Center (SOC) to bring in the best-in-class infrastructure and solutions to assess vulnerabilities and prevent, detect, protect and predict any potential cyber threats.

- Create a focus on Risk Management, Business Continuity Planning and Scenario Planning and Analysis.

- Have an Enterprise Risk Management strategy formulated and implemented.

- Build the right skills for risk analysis and mitigation, and cyber-security testing.

The individual must have the following:

- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x.

- Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.

- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.

- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.

- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.

- An understanding of operating system internals and network protocols.

- Familiarity with the principles of cryptography and cryptanalysis.

- Experience in application technology security testing (white box, black box, code review, Simian Testing, etc.).

- Experience in system technology security testing (vulnerability scanning and penetration testing).
