Preferred Candidates from Big4
Job Profile: Information Security Manager / Lead - Ibibo Group
Roles and Responsibilities
- Defining and Implementing Information Security Policies and Procedures.
- Defining Information Security Framework - ISO27001, PCI, and COBIT for Organisation.
- Defining and Implementing Application Security / VAPT Procedures, OWASP standards, Best Practices and methodologies.
- Managing internal and External Compliances - PCIDSS, SOX, ITGC
- Supervise all investigations by involving all relevant Internal / External stakeholders and provide on-going communication to senior management and be a SPOC for internal business teams for information security incidents reporting.
- Defining and Implementing BCP and DR Procedures.
- Defining SLA for security Incidents and Implementing Incident Response for External Threats i.e. DDOS
- Risk assessment for organisation.
- Maintaining data security guidelines for internal and external users.
- Creating InfoSec awareness in the Organization - Dos and don'ts and Internal training Programs.
- Implementing latest Information security Solutions - DLP, ATP, WAF, IPS, DDOS Mitigation, and SSO.
- Developing and maintaining a comprehensive overview of Goibibo security risk status and presenting reviews on a monthly and quarterly basis.
Skill Set
- 5-8 years of experience in Information and Application Security.
- Experience in handling Compliances PCIDSS, SOX, and ITGC.
- Demonstrate strong knowledge in Remediation Operations for Security vulnerabilities and Penetration Testing.
- Hands on experience with security tools like Nessus, Metasploit, CyberArk, Splunk, Wireshark, Aircrack.
- Good understanding of Application Security and OWASP standards.
- Hands on experience with Technology like Firewalls, IPS-IDS, SNORT, DDOS, WAF.
- Good understanding of MFA, Active Directory, Single sign on.
- Develop, implement and monitor/report on remediation SLAs and standards.
- Good understanding of security with AWS cloud and Linux Internals.
- Good Communication and presentation skills.
- Good to have - any one Certification: CISSP, CEH, ISO27001 or CISA.