Religare Health Insurance - Chief Information Security Officer

A. KEY RESPONSIBILITIES :

- Managing the daily operation and implementation of the IT security strategy

- Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement

- Running security audits and risk assessments

- Delivering new security technology approaches and implementing next generation solutions

- Overseeing the management of the IT security department, giving leadership to the team and developing staff

- Ensuring compliance and governance is met

- Driving change projects and building new IT capabilities

- Developing and implementing business continuity plans to ensure service is continuous when a change programme is introduced or a security breach occurs or in the event that the disaster recovery plan needs to be triggered

- Protecting the intellectual property of the organization at all times

- Devising strategies and implementing IT solutions to minimize the risk of cyber-attacks

- Reviewing, analyzing and delivering data information

- Communicating digital programs and strategy to a range of stakeholders

- Managing the IT security budget and communicating this with the appropriate parties

- Reporting to the board and being an active member of the senior management team

Technical Skills :

- Threat Modeling and Risk Assessment

- InfoSec Vulnerability & Threat Management, Incident Response & Management

- Red Teaming - Scoping, Planning, execution and budgeting

- Understands business requirements and information security standards and frameworks such as: ISO 27001, NIST controls, PCI DSS, ITIL, COBIT

- Enterprise Security Architecture - Design/ Implement / Review

- Excellent communication skills in customer facing, stakeholder's management and Vendor Management.

- Security Controls - Definitions , Planning, Implementation, Assessment

- DR & BCP: Definition, Planning, Implementation , Review

- SIEM any one (preferred DNIF) (QRadar, LogRhythm, ArcSight, Splunk, Sentinel, DNIF), Correlation, Use-Case lifecycle Management, log Analysis & management,

- Hands on experience on Network Security Devices - Routers, Firewalls, IPS-IDS, ESA, etc.

- Risk Management, PCI Compliance Management, Vulnerability Management reports and assessments.

- Malware Analysis - Behavioral & Visual Analysis.

- Technical Skills like security-centric tech, like DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies; coding practices, ethical hacking and threat modeling; and firewall and intrusion detection/prevention protocols.

- Knowledge of PCI, HIPAA, NIST, GLBA and SOX compliance assessments as well.