IT Security Lead

Primary Duties and Responsibilities:

Sl.No Key Result Areas (Primary Responsibilities) Overview: Lead Information Security Processes across all units and locations of ASTRAL Ltd. A Key member of the IT team who will play a pivotal role in ensuring Business Continuity and Information Security in ensuring a sustainable and robust digital transformation. Responsibilities: Financial · IT Project ROI and business case · Prevent and mitigate any financial loss to the company on account of Digitization · Ensure business continuity Customer · Business Engagement with IT · Balance Security compliance and user flexibility to provide secure yet user friendly IT systems Process · Achieve zero downtime of IT systems and applications on account of any security violations or risks · Create and maintain the enterprise’s security architecture design, security awareness training program, security documents (policies, standards, baselines, guidelines and procedures), Business Continuity Plan and Disaster Recovery Plan, where appropriate. · Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers (internal and cloud) and other systems and in databases and other data repositories · Design and execution of vulnerability assessments, penetration tests and security audits.

· Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documents · Create monthly information security scorecards Capability · Select and acquire security solutions or enhancements to existing security solutions to improve overall enterprise security · Manage deployment, integration and configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically. · Perform regular security awareness training for all employees to ensure consistently high levels of enterprise security compliance · Handle Emergency Response and Crisis Management, Physical Access control, Information Protection, Incident Management and/or Investigation. · Responsible for providing CTO, advice and counsel on security policy and practices. Identifies exposures and to recommend and develop corrective plans as appropriate Measurable deliverables · Zero disruption of business by taking proactive measures in identifying and mitigating risks · Achieve and sustain ISO 27001 and ISO 22301 · Business value creation and ROI from IT Security initiatives and Projects · Ability to pursue Digital Transformation projects in time with security checks

Person Specifications:

Sl.No Area Details

1 Education Engineering (BE/BTech) graduate from a reputed institution with CISSP Certification · CEH, CISM certifications shall be a definitive advantage · ITIL Certification preferred CEPP certification in Python

2 Years of Experience 12 – 14 Years

3 Specialized Knowledge · Hands on experience in all phases of the Information Security life cycle from strategy and planning to operation and governance of Information Security Management Systems · Skills in security services and technologies like SIEM, incident response, network forensics. · Must have hands on experience having managed compliance and achieved certification ISO 27001 and ISO 22301 for non ISO environments. · Hands on experience in developing and reviewing information security policies, incident response plans, change management, vulnerability management, patch management as they apply to various facets of the infrastructure in scope. · Experienced in performing external and internal penetration tests, network vulnerability assessments and take remediate network weaknesses that are exposed to threats. · Must be versatile with security assessments of Cloud Infrastructure and Mobility Solutions. · Manage Vendors and extended teams While not mandatory, would prefer: · Exposure to Change management · PMP certification · Participated in Enterprise level Digital Transformation Projects

4 Behavioral Skills Strong communication skills · Ability to influence and play a catalyst role in process changes engaging all stake holders · Commitment towards processes · Strong Interpersonal skills · Challenges the status quo · Lateral Thinking and Strategic Outlook · Strong belief and conviction in the face of stress · Orientation towards end consumer – employee · Team Player with a collaborative approach · Stays current on business issues, industry trends, and technological advances · Leadership Orientation · Developing Others · Impact and Influence

Place of work