Job
Description
Hiring, Head of Information Security Job Purpose The Head of Information Security is tasked with creating and sustaining the enterprise vision, strategy, and program to safeguard the integrity, availability, and confidentiality of the organization's information assets. This involves implementing and maintaining comprehensive security measures and practices. This leadership position includes overseeing the development and execution of a strong cybersecurity framework, leading a team of security professionals, and working collaboratively with other departments to mitigate risks. Roles and responsibilities Strategy & Governance Development and implement a comprehensive information security strategy aligned with the organization goals and leading industry practices. Establish and maintain information security policies, standards and procedures to ensure compliance with relevant regulations and frameworks. Manage budget for IT security related activities and initiatives, ensure ROI on the same. Establish IT security governance frameworks, policies and procedures to ensure integrity and availability of information assets. Security Architecture Design Oversee design and implementation of a robust and resilient security architecture including network security, infrastructure and information security, and application security. Evaluate and select appropriate security technologies, tools and vendors to protect the organizations information assets. Review and assess the security controls and configurations of existing systems and applications and provide recommendations for improvement. Collaborate with enterprise architects/ technology partners to ensure security is integrated into the design and development of new systems and applications. Security Operations & Incident response Oversee the day-to-day operations of the organizations security infrastructure and develop incident response plans to address and mitigate security incidents effectively. Drive regular security, risk & vulnerability assessments to identify vulnerabilities and weaknesses in the organizations systems and infrastructure. Manage and resolve security incidents and lead incident response efforts, including investigations, containment, eradication and recovery in case of cyber attack Security incident & Threat Intelligence Stay updated on the latest security threats, vulnerabilities, and industry trends through continuous benchmarking and research. Proactively identify emerging threats and vulnerabilities and develop strategies to mitigate their impact. Collaborate with internal and external stakeholders to conduct penetration testing, vulnerability assessment and security audits. Develop standard operating procedures for incident response during ransomware attacks Vendor & Third-Party Risk Management Assess and manage security risks associated with third-party vendors and service providers. Provide input during vendor evaluation and selection based on their security capabilities and compliances with security standards. Compliance & Regulatory Requirements Ensure organization’s compliance with relevant laws, regulations and industry standards pertaining to information security. Monitor and interpret changes in security regulations and standards and assess their impact on the IT landscape. Lead and coordinate audits, assessments and certification processes related to information security. Collaboration Work closely with IT, legal, compliance, and business units to integrate security practices into daily operations. Act as the primary point of contact for security-related matters with external partners, vendors, and regulatory bodies Security awareness and Training Collaborate with learning & development team to implement security awareness and training programs about information security risks, leading practices and policies. Conduct regular security awareness campaigns, monitor and evaluate the effectiveness of security awareness efforts. Conduct Cyber War game drills with business users to enhance preparedness for handling ransomware attacks. People Management Provide direction and guidance to the team and foster a collaborative and high-performance environment. Qualification and Experience : A post-graduate or bachelor's degree in engineering with 18-22 years of work experience, including 7-10 years in leading a cybersecurity organization, is required. The role demands extensive experience in identifying and mitigating information & cyber security risks and a comprehensive understanding of regulatory requirements. Professional security certifications like CISA, CISSP, CISM, ISO 27001:2013 LA, etc., are highly desirable. Familiarity with security technologies is crucial, including firewalls, network access control, IDAM & ITDR, EDR, secure web gateways, email security gateways, data leak prevention (DLP), MFA, WAF, DDoS, PAM, SIEM & SOAR, and micro-segmentation. Other Skills: Excellent Communication, Presentation & inter-personal Skills Should possess knowledge of various Security Solutions (Endpoint Protection, Advanced Threat Protection, Data Leak Prevention), Network Security, Databases, OS, etc. Knowledge of the industry's standards and regulations in the Healthcare or Pharma industry is preferred.
