Technical Program Manager - Information Security

Role Purpose :

This role will be responsible to execute information security projects as well as oversight & governance of security operation. This role will ensure that the security roadmap executes and security operations functions as per desired SLA

Key Result Areas :

• Drive successful closure of key security projects that include (but not limited to) new age technologies such as CASB, Zero Trust, Endpoint Detection & Response, Cyber Threat Intelligence etc. Periodic proof of concepts, new security technologies evaluation to put relevant security controls in the business process
• Overall governance of security operations Centre that includes (but not limited to) technologies such as DLP, Data Classification, SIEM / SOAR, VAPT etc. Ensure information security partners deliver the promised SLA. Assess data leak control, periodic review of DLP / DC effectiveness (policy / procedure / DLP incident review). Collaborate with HR and Fraud risk team on the improvement of consequence mgmt.
• Periodic assessment and reviews of IT and Information security processes (e.g. Change, Incident, Patching, Backup / restore, Hardening, Vulnerability Mgmt, TPRM etc) and ensure timely closure of process control gaps. Effective vulnerability Mgmt by ensuring timely scheduling of VAPT (Vulnerability Assessment & Penetration Testing) across infra and application landscape and timely closure of the vulnerabilities. Periodic collaboration with special interest group on data leak identification and breach control. Periodic cloud security assessment to ensure secure information exchange and data security at rest, transit and use
• Annual IT risk assessment for the business critical processes and technologies, maintain the consolidated risk register and drive timely closure to the identified risk. Drafting mgmt presentation outlining existing information security issues as well as potential roadmap to address them. Presenting infosec. score card to the Senior Management
• Drive any applicable infosec audit (eg ISO27001, NDHM, Internal audit / assessment etc) to its successful closure and track the timely closure of audit findings. Periodic infosec reviews of data processing facilities and key office locations on the compliance of information security requirements
• Audit and assessment of IT processes, tools and critical business partners / vendors. Risk assessment of any data request. Collaborate with business stakeholders on mitigation of risks and track closure of the risks
• Plan and prepare the budget projection for information security initiatives. Work with the relevant teams to drive the value of information security investments and optimization of technologies. Report utilization status and present future requirements. Impart Information security education across the diverse user-base and prepare relevant infosec content so as to generate appropriate awareness levels towards data protection

What We are looking for :

Education : B.Tech or equivalent degree in IT & related discipline

Experience : 8+ yrs

Type of Exposure / Areas of expertise

Experience in all stages of Cybersecurity like protection, detection, response & Recovery

Industry : Healthcare / BFSI / Telecom organization

Important Skill

Certification / Knowledge

Desired to have CISSP, CISM, CCSP, CISA, ISO27001 or equivalent

Candidate Must be comfortable working from office