Head - Information Security
Job Purpose:
The IT Security lead is responsible for ensuring the integrity and availability of the organization's information assets by implementing and maintaining robust security measures and practices. IT Security personnel are responsible for protecting the organization's data, systems, networks, and applications from internal and external threats, thereby safeguarding sensitive information, maintaining business continuity, and mitigating risks.
Role Responsibility:
1. Strategy & Governance:
- Develop and implement a comprehensive information security strategy aligned with the organization's goals and leading industry practices.
- Establish and maintain information security policies, standards, and procedures to ensure compliance with relevant regulations and frameworks.
- Manage the budget for IT security-related activities and initiatives, and ensure ROI on the same. Establish IT security governance frameworks, policies, and procedures to ensure the integrity and availability of information assets.
- Define and monitor key security metrics and indicators to measure the effectiveness of security controls and compliance with regulatory requirements.
2. Security Architecture Design:
- Oversee design and implementation of a robust and resilient security architecture, including network security, infrastructure and information security, and application security.
- Evaluate and select appropriate security technologies, tools, and vendors to protect the organization's information assets.
- Review and assess the security controls and configurations of existing systems and applications, and provide recommendations for improvements.
- Collaborate with the enterprise architect and business application team to ensure security is integrated into the design and development of new systems and applications.
3. Security Operations and Incident Response:
- Oversee the day-to-day operations of the organization's security infrastructure and develop incident response plans to address and mitigate security incidents effectively.
- Drive regular security, risk and vulnerability assessments to identify vulnerabilities and weaknesses in the organization's systems and infrastructure.
- Manage and resolve security incidents and lead incident response efforts, including investigation, containment, eradication, and recovery.
4. Security Incident and Threat Intelligence:
- Stay up to date on the latest security threats, vulnerabilities, and industry trends through continuous benchmarking and research.
- Proactively identify emerging threats and vulnerabilities and develop strategies to mitigate their impact.
- Collaborate with internal and external stakeholders to conduct penetration testing, vulnerability assessments, and security audits.
5. Vendor and Third-Party Risk Management:
- Assess and manage security risks associated with third-party vendors and service providers.
- Provide inputs during vendor evaluation and selection based on their security capabilities and compliance with security standards.
6. Compliance and Regulatory Requirements:
- Ensure the organization's compliance with relevant laws, regulations, and industry standards pertaining to information security.
- Monitor and interpret changes in security regulations and standards and assess their impact on the IT landscape.
- Lead and coordinate audits, assessments, and certification processes related to information security.
7. Security Awareness and Training:
- Collaborate with the learning & development team to implement security awareness and training programs about information security risks, leading practices, and policies.
- Conduct regular security awareness campaigns, and monitor and evaluate the effectiveness of security awareness efforts.
8. People Management:
- Provide direction and guidance to the team and foster a collaborative and high-performance work environment.
- 15+ years of relevant experience with at least 10 years of experience in managing information security solutions for a leading manufacturing organization with diverse business units. The role requires extensive experience in identifying and mitigating information security risks and comprehensive knowledge of regulatory requirements.
- CISSP, CEH, CISM, CISA, CCSP, OSCP, CIPP and other relevant certifications will be preferred.