IT- Security

Responsibilities:Process Implementation:Work with process owner on the Implementation of Policies and proceduresEnsure new request for new process / procedure are delivered as agreedAnalyse the effectiveness of current process in order to Improve workflow effectiveness and perform design or redesign of process to improve the operational efficiencyEnsure process review calendar in place and conducted as per schedule and ensure complete Integration of all process and linkage to best practisesWork with team to manage alignment between defined processEnsure new / changed process to communicate to all stake holdersVulnerability Management:Validation of VA Scope on Half-yearly basisCoordination with Security Team / EY for performing VA as per the ScopeReview Half-yearly VA reports received from EY with Security Team and Publish to Technology SPOC for remediationCoordinate with Technical Teams on remediate status on review remediation evidencePublish VA Report and Dashboard to stakeholdersPerform Trend analysis on VulnerabilitiesReview process of an annual basis or as and when there is change and suggest Improvements and modificationsCustomer RFP Responses:Respond to Compliance Questions in RFPCoordinate with Technical teams on ResponsesDiscuss and Obtain Concurrence on Deviation in Compliance RequirementsAccess Management:Review and Process logical access to third party and vendor to Infrastructure for collaborationReview of logical and Physical access controlsEnsure Implementation of access control polices on Infrastructure devices and physical LocationsBuild and Maintain access baseline as per roles and ResponsibilitiesContinuous improvement in access control framework such as automationReview Hardening Baselines in line with updated CIS benchmarksReview access control Policies and procedures for change and incorporate appropriatelyAudits:Ensure Internal audits are carried out as per scheduleCoordinate with Teams during auditCollate, review and submit the evidence from teams to audit within agreed timelinesEnsure Audits are carried out as per scheduleCoordinate with Teams during auditCollate, review and submit the evidence from teams to audit within agreed timelinesFollow-up on post audit remediation and closures of findingsRisk Assessments:Perform Risk Assessment for IT Infrastructure and Components in ISMS scope for India, US and UKPrepare Risk Dashboard and Publish to stakeholdersTrack Risk Remediation and Ensure RemediationEnsure participation in Management forum and provide Update on ISMSTrack and close actions Identified in MRParticipate in the weekly meeting and Monthly Digital Operations Review MeetingTrack and close actions Identified in Digital Operations ReviewDevelop, enhance Cyber Security solutions / Services roadmap, services catalogue and teamEvaluate and implement Cyber Security, Information Security solutions, in line with market treads and Business requirementsBuild partnerships with Security products and solution providers capable of delivering solutions globallyLead, strategize team training in Security solution and productsQualifications:Should have at least 10 years of experience in IT Services / Professional ServicesShould have prior experience playing a role of a manager or lead or head of information security practice in a pharma or IT Services companyExperience in Cyber Security, Information Security as a leader, with experience leading strategic initiatives, establishing partnerships and teamsNeed experience building a practice, team and in leading & owning the cyber security practices for the organizationCertified ISO auditor and hands of experience in implementing and manging the ISO 27001 frameworkShould be able to work independently and interact with functional team members to achieve targets Roles and Responsibilities

---