Sr. Information Security Manager

10-12 years
a month ago 5 Applied
Job Description

Job Title

Sr. Information Security Manager

Job Description

Job Title - Information Security Manager
Job Location - Bangalore

In this role, you have the opportunity to
As a Senior Information Security Manager, you will be responsible for developing, implementing and monitoring a
strategic, comprehensive IT security program while ensuring compliance with regulatory requirements, and
mitigating risks to the organization's information assets. Information Security Manager will provide the vision and
leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective
governance, system and infrastructure availability, integrity and confidentiality.
Key Responsibilities:
Information Security Strategy:
. Develop and execute a strategic information security plan aligned with organizational objectives.
. Establish and maintain policies, standards, and procedures to ensure the confidentiality, integrity, and
availability of healthcare information.
Risk Management:
. Identify and assess information security risks, conducting regular risk assessments and vulnerability
assessments.
. Develop and implement risk mitigation strategies and controls to protect against potential threats.
Compliance and Standards:
. Ensure compliance with relevant healthcare regulations, such as HIPAA and other industry-specific
standards.
. Stay abreast of changes in regulatory requirements and update policies and procedures accordingly.
Incident Response:
. Lead the development and execution of incident response plans.
. Coordinate responses to security incidents, conduct post-incident analysis, and implement corrective
actions.
Security Awareness and Training:
. Develop and deliver information security training programs for employees at all levels.
. Foster a culture of security awareness throughout the organization.
Security Architecture:
. Design and implement a robust security architecture, incorporating the latest technologies and best
practices.
. Collaborate with IT teams to ensure that security is integrated into system development and deployment
processes.
Vendor Management:
. Evaluate and manage the security posture of third-party vendors and partners.
. Establish and maintain strong relationships with vendors to ensure the security of products and services.
Information Security Manager needs to have a strong understanding of the below-mentioned areas:
. Threat modelling
. Security Testing (includes Dynamic and static Security Testing),
. Application Architecture review
. Information Security, Cloud & Network Security Architecture Review
. Define Security Use Cases
. Cloud Platform Security
. Data Lake Security
. Network Segmentation
. Cyber Security Framework Based on Industry Standard / Best Practices
. Microsoft Defender Implementation and Monitoring (Malware, EDR, ATP)
. Microsoft 365 Security
. Designing of Conditional Access Policy
You are responsible to:
. Develop and maintain robust security controls to protect Philips's business from security breaches/
incidents.
. Deliver security demand from the business for security controls.
. Gather Security Management Framework and information security architectural requirements and drive
compliance of Enterprise IT systems against those requirements.
. Manage the risk profile of the IT systems and Suppliers
. Drive education and awareness activities across the platform and Enterprise IT.
. Evaluate new cybersecurity threats and IT trends and develop effective security controls.
. Establish regular governance with service owners to review security control status
. Liaison with Philips Information Security Office in driving the security Improvement Program
. Evaluate potential security breaches, coordinate response, and recommend corrective actions.
. Define and report on information security KPIs.
. Organize the preparation of the security status dashboards including presentation to executive
management.
. Analyze application end to end, prepare threat modelling (STRIDE, PASTA & DREAD) based on different
risk scenarios and drive to fix those risks
. Cloud Security Management that includes Security Posture Management, Security Baseline, Code
validation for Infra As a Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard
Firewall Management, Docker Security, Kubernetes security
. Prepare security use cases / functional requirements that new solutions need to meet. Validate those
requirements are met when the solution is delivered
. Perform API Security testing that includes - API inventory, logging and monitoring, API Gateway Security,
API Services Security.
. Exposure to network security which includes network segmentation, DDoS, Network Devices Security
Baselining and monitoring, and firewall rules review for any deviation.
. Application Security - integration of security tooling with CI/CD pipeline, review of security reports and
follow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code
Review etc.
. Identify risk with authentication and authorization protocols, mitigate risks with legacy authentication,
design conditional access policy
. Management of foundational security tooling e.g. tools like Defender, EDR, Vuln Mgmt, CMDB agent.
. Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real
threat actors.
. Perform attack pattern analysis based on MITRE Attack framework, support solution development to
address the pattern
. Define Data Protection roadmap and work with architecture to meet the requirement. Deploy data
protection tools like CASB, DLP etc.
You are a part of
Enterprise IT Security team working closely with Enterprise IT, IT Platform Leaders, CIO and CISO.
To succeed in this role, you should have the following skills and experience
Soft Skills
. Excellent English language communication skills, both verbal and written. Cross-cultural etiquette,
customer-centric and collaborative mindset.
. Works autonomously within established procedures and practices.
. Good command of stakeholder management, judgement, conflict resolution, risk & mitigations.
. Provides leadership to the global team at strategic, tactical, and operational levels
. Maintains current knowledge of industry and regulatory trends and developments for enterprise
technology.
. Specialized in several Security domains such as incident response, operational assessment of security
posture, and general security management.
. Thorough understanding of Security Management principles, Security governance principles
Qualification
. Bachelor's or Master's degree in Information Technology and or commensurate experience in delivering
security solutions.
. Overall Enterprise IT Security experience of 10 yrs or more.
. Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.
In return, we offer you
A warm welcome to a challenging, innovative environment with great opportunities for you to explore. Quality is
right on the top of Philips leadership agenda and that means you have the unique opportunity to come in and have
a recognized voice to drive and witness exciting, transformational changes. You will be empowered to drive highquality,
groundbreaking innovations with a globally recognized, premium brand behind you. Next to that a
rewarding career in Philips with an attractive package
Why should you join Philips
Working at Philips is more than a job. It's a calling to create a healthier society through meaningful work, focused
on improving 2.5 billion lives a year by delivering innovative solutions across the health continuum. Our people
experience a variety of unexpected moments when their lives and careers come together in meaningful ways.
Learn more by watching this video.
To find out more about what it's like working for Philips at a personal level, visit the Working at Philips page on our
career website, where you can read stories from our employee blog. Once there,you can also learn about our
recruitment process, or find answers to some of the frequently asked questions.

JOB TYPE

Industry

Skills

Dlp
Web Services Security
CI/CD pipeline
Microsoft 365 Security
atp
MITRE Attack framework
Microsoft Defender
API Services Security
API Gateway Security
Docker Security
Cloud Security Management
API Security testing
Kubernetes security
CASB
Network Segmentation
EDR
Conditional Access Policy
Security Code Review

People Also Considered

Career Advice to Find Better