Head - IT & Cybersecurity (PSS07034)

Job Description

Designation: Head - IT & Cybersecurity Location: Mumbai About the client: PSS has been mandated to hire a Head of IT & Cybersecurity for a leading player in the flexible packaging industry. Qualification: Computer Science/Information Technology Graduate. Master’s degree preferred. Relevant certifications such as CISSP, CISM, or CISA is highly desirable. Experience: 15-25 years of progressive experience CTC budget: 40-50 LPA Fixed Reporting to: Managing Director Responsibilities Strategic Leadership: Develop and communicate a comprehensive information and operational technology security strategy tailored to address the specific vulnerabilities and threats identified within the organization. Establish clear security objectives and key performance indicators (KPIs) to measure progress and effectiveness in improving the security posture, including both IT and OT environments. Immediate Risk Assessment and Mitigation: Conduct a thorough risk assessment to identify and evaluate the current security threats and vulnerabilities across both IT and OT systems. Prioritize and implement immediate actions to mitigate critical risks and vulnerabilities, leveraging both in-house resources and external expertise as needed, with a strong emphasis on securing OT environments. Policy and Compliance Overhaul: Review and revamp existing security policies and procedures to align with industry best practices and regulatory requirements, ensuring they encompass both IT and OT security considerations. Develop a robust compliance framework to ensure ongoing adherence to security standards and legal obligations, including regular audits and reviews of OT systems. Incident Response and Recovery Enhancement: Establish and maintain an enhanced incident response plan with clear roles, responsibilities, and communication protocols for handling security breaches in both IT and OT domains. Lead efforts to investigate past breaches, understand root causes, and implement measures to prevent recurrence, particularly focusing on vulnerabilities specific to OT systems. Security Awareness and Training: Implement a comprehensive security awareness and training program for all employees, including those involved with OT systems, to foster a culture of security consciousness. Conduct regular training sessions and simulations to prepare staff for potential security incidents and ensure they understand their role in safeguarding both IT and OT environments. Infrastructure and Technology Upgrades: Evaluate and upgrade existing IT and OT infrastructure and security technologies to address identified weaknesses and enhance overall security defenses. Implement advanced security measures such as multi-factor authentication, intrusion detection systems, and data encryption, ensuring they are adapted for OT systems where applicable. Collaborative Security Culture: Foster collaboration across departments to integrate security considerations into all business processes and decision-making, with a focus on bridging IT and OT security practices. Engage with stakeholders at all levels to ensure buy-in and support for security initiatives and changes, emphasizing the importance of OT security. Continuous Monitoring and Improvement: Establish a continuous monitoring program to detect and respond to security threats in real-time, covering both IT and OT systems. Regularly review and update security strategies and measures based on evolving threats and technological advancements, ensuring OT systems are included. Vendor and Third-Party Security Management: Assess and manage the security posture of third-party vendors and partners to ensure they meet the organization's security standards, including those related to OT. Establish contracts and SLAs that enforce security requirements and facilitate regular security assessments of third-party interactions, particularly those involving OT systems. Show more Show less