Responsibilities
Responsible for implementing and maintaining the enterprise vision, strategy, policy and program to ensure regional information assets are adequately protected.
Serve as the process owner of all ongoing regional activities related to the confidentiality, integrity and availability of information and resources of customers, business partners, employees and business information, in compliance with the Groups’ information security policies
The scope of responsibility will encompass communications, applications, and infrastructure, including the enforcement of the policies and procedures which apply.
Coordinate information security projects with resources from the IT organization and business units
Implement the Group security and privacy policies, controls, and cyber incident response procedures in Ashirvad
Work with team to ensure that disaster recovery and business continuity plans are in place and tested.
Conduct annual Organisational cyber drill and VAPT
Responsible for conducting cyber awareness program for Ashirvad
Investigate and coordinate resolution and recovery actions for assigned Incidents, compliant with best practices and legal requirements.
Analyse the incident situations, determine the breadth of the compromise, and take corrective action.
Responsible for resolution of assigned Incidents.
Support the prompt recovery of the system, supervising and directing the internal or external parties.
Keeping affected business partners informed about progress of incident resolution.
Conduct post-incident exposure assessments to identify sources of exposure and identify actions to close security gap.
Report appropriate metrics with regards to Information Security to Group Security and regional managements.
Responsible for educating local IT of incident response aligned with legal requirements
Conduct periodic security reviews and propose actionable plans to protect the business.
Maintain a current understanding of the Cyber threat landscape.
Other duties as assigned
Requirement:
Master’s degree in computer science, IT Security or related field.
7+ years technical experience in IT Security.
Technical knowledge of and 5-7 years hands-on experience with different types of networking, applications, SAAS and operating systems
5-7 years experience in implementing security solutions on an enterprise scale.
One or more of the following professional certifications: ISO 27001, GDPR (Good to have)
Scripting skills (PowerShell, Perl, python)
Good communication skills
Able to think outside the box: find unexpected ways to solve problems or meet requirements
Excellent professional demeanor
Good security industry connect
Security risk assessment experience
Understanding of regional laws concerning privacy, data acquisition, protection and transmission of information