Head - Information and Security Management

Samsung Semiconductor innovates today to Power the Devices of Tomorrow. Our vision Inspire the World, Create the Future is at the core of our commitment to create a better world full of richer digital experiences, through innovative technology and products. Samsung Semiconductor R&D (SSIR) information is protected effectively by applying the Confidentiality, Integrity and Availability framework as required by Samsung Information security policy and Standard. To support its operation and growth in India (Bangalore), we are looking out for a candidate in the following area.

What

The Security Head is responsible for protecting Samsungs Digital and Physical assets. The role will be responsible for developing and maintaining comprehensive Information and Physical security strategy that aligns will the business objectives and assists the organisation in minimising the overall risk exposure. The role oversees secure deployment of technologies, manages incident response, ensuring compliance to internal and external regulations and mandates defined by Samsung HQ. The role is required to closely collaborate with IT, HR, Legal and Business leaders. The role requires to drive security culture across the organisation and assists in enforcing security policies, monitor emerging trends, evaluate new technologies and drive adoption of new solutions by partnering with HQ security team. The role is additionally responsible for maintaining the Physical security organisation

• Develop and maintain Enterprise Information Security program
• Develop and implement organizations physical security strategy across all facilities
• Partner with Business teams and incorporate security requirements into the project lifecycle
• Oversee Internal audit, external assessment and regulatory compliance requirements
• Build and manage threat detection, incident response and forensic capabilities
• Design and manage Continuous threat exposure management CTEM program
• Define and track KPIs / Metrics to measure security program effectiveness
• Lead risk management programs to identify security risks and appraise management on matters that need immediate attention
• Evaluate and deploy new security solutions to enhance the security posture of the organisation
• Facilitate / manage / lead security council initiatives for the organization
• Establish Information and physical security governance framework. Plan initiatives for continuous improvements
• Perform benchmarking exercises on existing processes and technologies and propose initiatives for improvement
• Collaborate with IT and business functions to embed security requirement into new solutions
• Conduct physical security audits, penetration tests and red team exercises to validate controls
• Plan and manage Information security budget requirements
• Develop and implement policies, standards and guidelines
• Oversee information security awareness program, training and simulation activities, including information security sessions of new employees
• Oversee access control and badging systems, surveillance infrastructure and perimeter protection measures
• Monitor and report physical security incidents, trends and workplace events involving physical assets

Qualification:

• At least 15-22 years’ work experience in Information Security management, IT Audits, Network & Security Consulting and IT management for large corporations, Financial Institutions – preferably Big 4 experience.
• Excellent Leadership, communication and stakeholder management skills
• Proven expertise in designing and deploying strategic initiatives spread across multiple years with continuous evolution over contract lifecycle.
• Ability to balance departmental goals with business directions
• Strong focus on program execution with ability to meet the desired outcomes.
• Strong knowledge of emergency response, critical incident handling, crisis management
• Adept with new age concepts like Transformation, Automation, Orchestration. Active contributor in Industry forums on thought leadership for various security related topics.
• Ability to enhance Security team efficiency by adopting global best practices,
• Exposure to monitoring & detection framework with elements from MITRE, NIST OWASP, SANS Critical Controls, ISO/IEC 27001/27002 and COBIT
• Proficiency in leading large scale GRC program to reduce risk and improve control effectiveness.
• Ability to enhance security monitoring and compliance through controls monitoring, automation, smart dashboards and risk reduction measures
• Strong collaboration skills; partner with Business & IT leaders, application owners and information security champions to define and establish unified program to address IT security issues and mitigate risks across the organisation
• Manage department budget and finances,
• Team building; experience in building high performance teams.
• Ability to design the structure of the team, assign roles and responsibilities, onboard team members, guide and mentor them to perform their activity.