Head - Information Security/ Information security Head

Job Description

Roles and ResponsibilitiesPurpose of the roleThe Head of Information Security will be responsible for continuous development of security process and controls within the business (customers, business partners, employees and etc.). With wide range of clients/deployments all over the world and customer datas located in a different corresponding geographical locations the data to be protected as per the business and respective country regulatory information security polices. Also to provide overall direction, security life-cycle management and leadership for information security infrastructure and technology also responsible for security tools as well as the design, testing, adoption and operations of security technologies. The Head of Information Security will do the security reviews & assessments and the adherence to information security policies supporting audit and compliance practices.Primary Responsibilities:Functional

• Develop and document specifications and standards respective to security and infrastructure that are required for implementation of the IT Policies and Guidelines
• Research and investigate measures that address data security risks and potential losses for reporting purposes
• Plan, design, and implement security systems and their corresponding software, including firewalls, VPNs, intrusion detection/prevention systems, vulnerability scanners, policy compliance software, security information management systems, proxy servers, etc.
• Responsible to oversight of installation, modification, enhancement and maintenance of data system security software
• Perform periodic enterprise-wide information security risk assessments, penetration tests, and vulnerability scans for all the Public Domains, Websites, LAN, WAN and Systems environment
• Work on determining acceptable risk levels for the enterprise and ensuring the IT environments are adequately protected from potential risks and threats
• Assist in the research, development, communications, maintaining and working with the operational units on the enforcement of IT security architecture, information security policies, procedures, solutions and standards
• Participate in development and implementation of the appropriate and effective controls to mitigate identified threats and risks
• Review and investigate compliance with established policies, standards and procedures, assess requests for exception and/or exemption to policy and recommend appropriate disposition
• Assess compliance, providing information security advice, and analyzing information security events to determine root causes and preventative measures
• Test and provide network performance statistics and reports; develop strategies for maintaining IP network infrastructure
• Assist with the planning and deployment of infrastructure security measures
• Manage the SLAs with the vendors for IT security related services
• Maintain and provide the regular updates on Infrastructure security planning and overview of security reviews & assessments and the adherence to information security policies supporting audit and compliance practices.

Process

• Ensure that applicable quality management methods are used to support infrastructure security and continual improvement activities.
• Coordinate and define and implement the framework for overall infrastructure security design, maintenance, monitoring, development, and evaluation of all infrastructure systems, including LANs, WANs, and Internet, intranet, wireless, and telephone systems.
• Contribute to the development of information security policies (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures etc.) and procedures.
• Implement the IT security policies and procedures in a consistent manner and ensure adherence to these within the team

People

• Provide inputs and regular feedback to subordinates to help them in their professional and personal development

Promoting responsible behaviour by improving the culture internally to ensure all staff are protecting against possible security incidents.

• Lead and develop the talent by ensuring role clarity, setting performance standards & review mechanisms
• Guide and support team to achieve individual team and organizations objectives.

Key Result Areas

• Supporting the business in delivering quality and compliance in order to drive down information security risk. Ensuring various regulatory data guidelines and system regulations adhered
• Defending the business by building and implementing security process and procedure in order to protect and respond to risk.
• Continuous improvement by ensuring security updates and implemented as and when necessary.
• Build the SOC and help business to maintain/implement various security management frameworks as per the business requirements.
• Monitoring the IT security performance and ensure improvements on all the infrastructure domains.
• Ensure and Initiate corrective action to improve the security levels as per the reported breaches and report breaches
• Ensure Implementation of new systems, softwares and devices as per the security and hardening guidelines drafted and continual improvements of hardening guidelines.
• Coordinate with internal teams and ensure all the security observations identified in the internal and external audit and ensure closure within the timeline and report management on periodic basis.
• Ensure internal VA and Penetrations are conducted for IT infra systems and services as per the internal penetrations and VA documents.
• Information Security Service Level Management as per the business SLAs.

,

Keyskills :
management systemscorrective actiondata securitysecurity planningit security policiessecurity riskcompliance softwaresecurity toolssecurity managementquality managementit securitysecurity architecturenetwork performanceinformation management