Technical Program Manager - InfoSec

Role & responsibilities

• Drive successful

  implementation of key security projects

  that include (but not limited to) new age technologies such as

  SASE, Secure Operational Technology, Zero Trust, Endpoint Detection & Response/XDR, Cyber Threat Intelligence etc

  .
• Overall management and governance of security operations centre that includes (but not limited to) technologies such as

  CASB, DLP, EDR, Data Classification, SIEM/SOAR, VAPT

  etc.
• Ensure information security partners deliver the promised SLA.

• Data pipeline mgmt for SIEM platform to ensure effective ingestion of security logs

  . Review use-cases, best practice configurations, Assess data leak control, periodic review of IT infrastructure that includes both on-prem and cloud workloads. DLP/DC effectiveness (policy/procedure /DLP incident review).

• Periodic assessment and reviews of IT and Information security processes (e.g. Change, Incident, Patching, Backup/restore, Hardening, Vulnerability mgmt, TPRM etc)

  and ensure timely closure of process control gaps.

• Security review of key IT systems. AI/ML security.

• Effective vulnerability mgmt by ensuring timely closure of the vulnerabilities. Periodic collaboration with special interest group on data leak identification and breach control. Periodic cloud security assessment to ensure secure information exchange and data security at rest, transit and use.
• Annual IT risk assessment for the business-critical processes and technologies, maintain the consolidated risk register and drive timely closure of the identified risk.
• Drive any applicable

  infosec audit (eg ISO27001, NDHM, Internal audit/assessment etc

  ) to its successful closure and track the timely closure of audit findings.

• Audit and assessment of IT processes, tools and critical business partners/vendors

  . Risk assessment of any data request, new technology deployment. Collaborate with business stakeholders on mitigation of risks and track closure of the risks.

• Secure medical instrument and OT technology deployment and assessment

  .
• Plan and prepare the budget projection for information security initiatives. Work with the relevant teams to drive the value of information security investments and optimization of technologies. Report utilization status and present future requirements.
• Impart Information security education across the diverse user-base and prepare relevant infosec content so as to generate appropriate awareness levels towards data protection.

Preferred candidate profile

• Experience:

  10+ Years in all stages of Cybersecurity like protection, detection, response & Recovery

• Qualification:

  B.Tech or equivalent degree in IT & related discipline

• Industry :

  Healthcare/BFSI/Telecom organization

• Certification :

  CISSP, CISM, CCSP, CISA, ISO27001 or equivalent
• Managing Information Security for mission-critical organizations preferably in BFSI / Healthcare organization.
• Interaction with senior executives in a formal environment and ability to manage effectively MSSP (Managed Security Services Provider)