Position: Manager/ Senior Manager / Associate Director – IT, Information and Cyber Security
Job Location: Noida, Work from Office
Experience: 10+ years of experience in information and cyber security with deep understanding of cybersecurity frameworks and standards (e.g., NIST, ISO27001, GDPR, HIPAA, PHI, Data Privacy etc).
Responsibilities
1. Protecting the Company Digital Landscape:
- Design and implement comprehensive security programs and cybersecurity strategy for networks, servers, and applications aligned with the organization & overall business objectives.
- Secure cloud environments (AWS, GCP, M365 and other IAAS, SAAS) and manage cloud-related security risks.
- Own and conduct regular vulnerability assessments and penetration testing to identify and address weaknesses on network, servers on cloud, cloud environment and oversee the remediation process.
- Manage endpoint security solutions (like Microsoft Defender EDR with ATP) and ensure optimal performance of security tools and technologies.
- Stay up to date on the latest security threats and best practices to continuously improve security posture.
2. Building a Culture of Security Awareness:
- Create and uphold security policies, procedures, and standard operating procedures (SOPs), along with training programs to educate employees. Regularly monitor and revise these security measures in accordance with best practices and industry benchmarks.
- Collaborate with stakeholders and team members to ensure alignment in defining and implementing effective security measures that comply with industry standards and regulations.
3. Ensuring Incident Preparedness and Response:
- Lead incident response activities, including investigation, analysis, and resolution of security incidents.
- Perform risk assessments to evaluate potential security threats and vulnerabilities impacting company systems.
- Manage and drive root cause analysis to identify and address the underlying causes of security incidents.
4. Maintaining Compliance and Best Practices:
- Drive ISO27001 certification and ongoing compliance.
- Develop and maintain (ISMS) Framework such as ISO27001, CIS, NIST, PIA etc.
- Conduct regular internal and external audits to assess ISMS effectiveness.
- Manage and prioritize corrective actions to address identified non-conformities.
- Contribute to developing and maintaining security metrics and KPIs to measure the effectiveness of security controls and processes.
- Establish and maintain a robust monitoring program for security systems and infrastructure.
- Implement key performance indicators (KPIs) to measure the effectiveness of security controls.
- Analyze security logs and alerts to identify potential threats and incidents.
Skills Required
Ability to communicate complex technical information to both technical and non-technical audiences.