Aviva India

Information Security Manager

  • Posted 22 hours ago

Job Description

Key Responsibilities

  • Lead and manage the response to security incidents, coordinating efforts between the GSOC and local SOCs.
  • Lead the incident response team in identifying, managing, and resolving security incidents.
  • Develop and maintain incident response plans, playbooks, and procedures.
  • Coordinate with internal and external stakeholders to manage and communicate the response to security incidents.
  • Conduct regular threat hunting, vulnerability assessments, and risk analyses.
  • Coordinate and manage the response to security incidents, including detection, containment, eradication, and recovery.
  • Develop, implement, and maintain SOC policies, procedures, and standards.
  • Conduct comprehensive assessments of the Active Directory environment, including architecture, configuration, security, and performance.
  • Identify vulnerabilities, misconfigurations, and areas for improvement in AD operations.
  • Develop and recommend strategies for optimizing AD performance, security, and scalability.
  • Lead the implementation and management of EDR solutions across the organization.
  • Develop and enforce EDR policies, procedures, and best practices.
  • SIEM use case fine tuning.
  • Monitor and analyse EDR alerts to identify and respond to security incidents.
  • Collaborate with IT and security teams to ensure the effective deployment and integration of EDR tools.
  • Conduct root cause analysis and forensics on security incidents to prevent future occurrences.
  • Lead the deployment, configuration, and management of the Tanium platform across the organization.
  • Develop and maintain policies, procedures, and documentation for Tanium operations.
  • Monitor and analyse Tanium data to identify security threats, vulnerabilities, and compliance issues.
  • Develop and implement a robust DLP strategy to protect sensitive data from unauthorized access, use, disclosure, disruption, modification, or destruction.
  • Manage and configure DLP tools and technologies to monitor, detect, and respond to data loss incidents.
  • Monitor and analyse data loss incidents, providing detailed reports and recommendations for mitigation.
  • Collaborate with IT, legal, compliance, and business units to ensure DLP initiatives align with regulatory requirements and organizational goals.
  • Develop and deliver training programs to educate employees on data protection best practices and DLP policies.
  • Conduct regular audits and assessments to ensure the effectiveness of DLP controls and compliance with policies.
  • Knowledge of Proxy & MDM.

Key Skills

  • Deep understanding of cybersecurity principles, including threat landscapes, risk management, and best practices.
  • Knowledge of network architecture, firewalls, intrusion detection/prevention systems, VPNs, and encryption.
  • Proficiency with security information and event management (SIEM) tools, vulnerability assessment tools, antivirus/malware protection, DLP, SOAR, Nessus, Tanium, EDR, encryption and endpoint security solutions.
  • Experience in developing and implementing incident response plans, as well as handling and mitigating security breaches.
  • Understanding of relevant regulations and standards (e.g., DPDP & ISO 27001) and ensuring the organization meets these requirements.
  • Knowledge of ISMS.
  • Ability to conduct risk assessments and develop strategies to mitigate identified risks.
  • Ability to lead and manage a security team, including DLP and SOC.
  • Managing changes to security policies, procedures, and technologies in a way that minimizes disruptions to the organization.
  • Deep understanding of encryption technologies and cryptographic protocols to protect sensitive information.
  • Establishing and tracking key performance indicators (KPIs) and metrics to measure the effectiveness of the security program.
  • Leveraging AI and machine learning technologies to enhance threat detection and response capabilities.

Qualifications & Experience

  • Bachelor's degree in Computer Science, Information Technology, or related field.
  • 10+ years of relevant experience.
  • Deep understanding of cybersecurity principles, technologies, and best practices.
  • Experience with network architecture, firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and encryption.
  • Proven experience in developing and executing incident response plans, handling security breaches, and conducting post-incident reviews.
  • Understanding of the specific security challenges and regulatory requirements within the insurance sector.
  • Proficiency in conducting risk assessments, developing risk management strategies, and integrating risk considerations into security planning.
  • Ability to work collaboratively with cross-functional teams and stakeholders at all levels of the organization.

Job ID: 148674925

Similar Jobs

Delhi

Skills:

threat management SOC Activities, Security Operations and Monitoring, Network Architectures Designing, Cloud and Application Security, Audit and Risk Management