Salary
14 - 17 lpa
Job description
Overall purpose of the job -
This role is responsible for identifying and implementing the mitigations, practices and controls that ensure an adequate application and infrastructure security posture is maintained at all times.
Key Performance Areas -
• Good at application threat modeling and applications risk identification & remediation
• Strong web application security experience with thorough understanding of web application vulnerabilities
• Knowledge of database, application, and web server design and implementation
• Familiarity with security standards, frameworks and groups (OWASP, OSSTMM, WASC, FISMA)
• Experience with dynamic and static application vulnerability scanners such as HP WebInspect, IBM AppScan, HP Fortify, etc.
• Create, implement & review data protection strategy across the organization.
• Experience in client handling including interaction with developers for understanding the mitigations
• Experience with mobility platforms such as PhoneGap / native Android / Worklight, and with MDM / MAM
• Knowledge of DevOps and other upcoming technologies used in SDLC
• Experience in manual verification of false positives reported by automated tools
• Devise and enforce standards and best practices for data protection in line with international standards and industry best practices.
• Evaluate the adequacy of security measures including network security to protect organizational data and information assets
• Define and implement project as per approved Plan of action.
• Identify security solutions as per business needs
• Manage POC for agreed and approved solutions as per defined process
• Conduct partner reviews
• Coordinate with vendors / partners on closure of projects / activities
• Manage intra and inter department conflict amicably
• Benchmark and compare security practices with the industry
• Implementation, operation and maintenance of the Information Security Management System based on standards such as ISO/IEC 27001, COBIT, ITIL, etc., as applicable
• Information security risk assessments and controls selection activities
• Track all audit schedules and ensure closure of all security gaps.
• Reporting of all critical security issues
• Coordinate risk assessment of IT systems and third-party workloads
• Facilitate Internal process and IT audits
• Software license compliance at all times
• Implement tools and processes related to compliance monitoring as per internal security policies and applicable laws and regulations
• Facilitate and drive initiatives of Internal Audits for Information Technology and update on Closure and Identified Risk to the Management
• Review of third-party applications / systems and network security on a monthly basis
• Adherence to change management processes