10 years
12 - 18 Lacs
Posted: 2 weeks ago
Platform:
On-site
Full Time
Information Security Lead (8 – 10 Years' Experience)

Governance, Risk and Compliance
Project Implementation: Oversee the implementation of information security projects, ensuring alignment with organizational goals and compliance requirements.
Policy Development and Maintenance: Develop, maintain, and update information security policies to align with best practices and regulatory requirements.
Compliance: Drive compliance with relevant industry standards and regulations such as ISO 27001, SOC 2, RBI guidelines and Master Directions, PCI-DSS, and NPCI regulations.
Risk Assessment and Management: Identify, assess, and prioritize cybersecurity risks across both cloud and on-prem environments.
Compliance Audits: Act as the primary contact for audits and inspections, ensuring compliance and reporting.
Security Training and Awareness: Run regular security training programs, including phishing drills, to promote a security-aware culture.
Third-Party Vendor Security: Evaluate and monitor third-party vendors' security posture, implement risk management protocols, and ensure SLAs include security considerations.
Security Architecture: Manage, review, and oversee the organization's security architecture and infrastructure.
Disaster Recovery and Continuity: Maintain and test disaster recovery and business continuity plans.

Security Operations and Incident Response
Incident Response: Oversee daily security operations; establish and manage incident response protocols for both cloud and on-prem systems.
Incident Investigation: Lead incident investigations and root cause analysis.
Security Simulations: Conduct security incident simulations to test and refine incident response plans.
SIEM, DLP, EDR: Manage and oversee the use of security tools such as SIEM, DLP, Brand Reputation, and EDR for threat detection and incident response.

Vulnerability Management
Vulnerability Program: Lead VA/PT programs to identify and remediate vulnerabilities across applications, APIs, mobile apps, etc.
Patch Management: Oversee the implementation and maintenance of patch management processes to address vulnerabilities.
DevSecOps and Secure Coding: Embed secure coding and DevSecOps practices within CI/CD pipelines.
Red Team: Oversee an organization's security defenses by identifying vulnerabilities, assessing security effectiveness, and providing feedback for improvement.
SCD (Secure Configuration Document): Develop and maintain comprehensive documentation of CIS Benchmark implementation, configuration baselines, and compliance status through regular assessments and audits against established CIS Benchmarks.

Strategic Engagement and Reporting
Security Metrics and Dashboards: Prepare security metrics, dashboards, and risk reports to demonstrate the effectiveness of security programs.
Strategic IT Governance: Participate in strategic IT governance forums to ensure alignment between IT security and organizational goals.
Job Type: Full-time
Pay: ₹100,000.00 - ₹150,000.00 per month
Experience:
Work Location: In person
Semperfi Solutions and Services