IT Security Manager

Job Title:

Company Overview:

Job Overview:

Responsibilities:

• Develop and implement a comprehensive information security strategy, policies, and guidelines in accordance with the Cyber Security Guidelines issued by CEA and NCIIPC to protect the organization's information assets including IT & OT.
• Oversee the design, implementation, and maintenance of the company's information security architecture.
• Conduct regular risk assessments and vulnerability scans to identify potential security threats and vulnerabilities and develop mitigation strategies.
• Develop and implement the company's Cyber crisis management Plan, Critical information infrastructure protection plan, incident response plan and disaster recovery plans.
• Develop and maintain a security awareness and training program for employees, security team and other stakeholders.
• Ensure compliance with all regulatory and legal requirements related to information security, including CEA's Cyber Security Guidelines, NCIIPC guidelines, ISO standards and data privacy and protection laws (DPDPA Act).
• Establish and maintain strong working relationships with internal and external stakeholders, including regulatory bodies, auditors, and external security vendors and service providers.
• Manage and oversee the security operations team, including the security operations centre (SOC), security analysts, and security engineers.
• Develop and maintain metrics and reports to monitor the organization's information security posture and communicate security-related information to senior management and the board of directors.
• Identify,  mitigate and monitor information security risks to the company's operations, assets, and reputation and accordingly implement improvement initiatives.
• Manage the company's information security budget and ensure that resources are allocated effectively.

Qualifications:

• Bachelors or Master's degree in Computer Science, Information Technology, or a related field.
• Preferred to have professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Ethical Hacker (CEH).
• 7+ years of experience in information security, with at least 2 years in a leadership role.
• Experience in developing and implementing information security strategies, policies, and guidelines in accordance with regulatory requirements and industry best practices, including Cyber Crisis Management Plan (CCMP), Vulnerability Assessment & Penetration Testing (VAPT) and procedure for identification of Critical Information Infrastructure (CII), to deal with Cyber crises, contingencies and disasters, attack on IT & OT systems etc.
• In-depth knowledge of the power sector's cyber security guidelines, including CEA's Cyber Security Guidelines and NCIIPC guidelines.
• Experience in common information security management frameworks, such as ISO/IEC 27001, and NIST including cyber security standards for operational technology (OT) such as ISA/IEC 62443, and ISO/IEC 27019.
• Strong communication and leadership skills, with the ability to effectively manage a team and communicate complex information to non-technical stakeholders.
• Experience in managing information security audits, reviews, log analysis and coordinating responses with internal and external stakeholders.
• Familiarity with relevant regulatory and legal requirements related to information security, including IT Act, data privacy, protection laws and associated Rules.
• Strong analytical and problem-solving skills, with the ability to identify and mitigate potential security threats and vulnerabilities.
• Experience with Renewable Energy (Solar, Wind, Hybrid) Operational and IT infrastructure and its security management.