Cybersecurity Governance and Risk Manager

Role Purpose : This role will be responsible to execute information security projects as well as oversight & governance of security operation. This role will ensure that the security roadmap executes and security operations functions as per desired SLA.

Key Result Areas :

Drive successful implementation of key security projects that include (but not limited to) new age technologies such as SASE, Secure Operational Technology, Zero Trust, Endpoint Detection & Response / XDR, Cyber Threat Intelligence etc. Periodic proof of concepts of new security technologies to evaluate relevant security controls in the business processes and deliver improved cybersecurity posture

Overall management and governance of security operations centre that includes (but not limited to) technologies such as CASB, DLP, EDR, Data Classification, SIEM / SOAR, VAPT etc. Ensure information security partners deliver the promised SLA.

Data pipeline mgmt for SIEM platform to ensure effective ingestion of security logs. Review use-cases, best practice configurations, Assess data leak control, periodic review of IT infrastructure that includes both on-prem and cloud workloads. DLP / DC effectiveness (policy / procedure / DLP incident review).

Periodic assessment and reviews of IT and Information security processes (e.G. Change, Incident, Patching, Backup / restore, Hardening, Vulnerability mgmt, TPRM etc) and ensure timely closure of process control gaps.

Security review of key IT systems. AI / ML security. Effective vulnerability mgmt by ensuring timely closure of the vulnerabilities. Periodic collaboration with special interest group on data leak identification and breach control. Periodic cloud security assessment to ensure secure information exchange and data security at rest, transit and use.

Annual IT risk assessment for the business-critical processes and technologies, maintain the consolidated risk register and drive timely closure of the identified risk. Drafting mgmt presentation outlining existing information security issues as well as potential controls to address them. Presenting infosec score card to the Senior Management

Drive any applicable infosec audit (eg ISO27001, NDHM, Internal audit / assessment etc) to its successful closure and track the timely closure of audit findings. Periodic infosec reviews of data processing facilities and key office locations on the compliance of information security requirements

Audit and assessment of IT processes, tools and critical business partners / vendors. Risk assessment of any data request, new technology deployment. Collaborate with business stakeholders on mitigation of risks and track closure of the risks.

Secure medical instrument and OT technology deployment and assessment.

Plan and prepare the budget projection for information security initiatives. Work with the relevant teams to drive the value of information security investments and optimization of technologies. Report utilization status and present future requirements. Impart Information security education across the diverse user-base and prepare relevant infosec content so as to generate appropriate awareness levels towards data protection

What We are looking for :

Experience : 10+ Years in all stages of Cybersecurity like protection, detection, response & Recovery

Qualification : B.Tech or equivalent degree in IT & related discipline

Industry : Healthcare / BFSI / Telecom organization

Certification : CISSP, CISM, CCSP, CISA, ISO27001 or equivalent

Preferred Candidates :

Those who are managing Information Security for mission-critical organizations in BFSI / Healthcare organization.

Have exposure to interacting with senior executives in a formal environment and ability to manage effectively MSSP (Managed Security Services Provider).

Candidate Must be comfortable working from office