Manager - Cyber Security (Gurgaon)

Role & responsibilities

• Perform Security and Privacy review of existing and new business process and solution implementations.
• Review product architectures for IT control security design gaps and vulnerabilities and consult with product teams and cyber security to remediate or mitigate cyber risk. Identify IT application end to end security deficiencies and implement approved remedial actions.
• Perform Privacy Impact Assessments for new processes involving personal data.
• Support adoption of comprehensive application security processes, procedures, and guidelines.
• Undertake required tactical application security skills and awareness training as required.
• Implement systems and integrations to drive greater automation and remove areas of human error.
• Collaborate with internal and external auditors during IT audits.
• Regularly assess the effectiveness of IT application controls using defined metrics and indicators.
• Prepare regular reports on outcomes and recommend enhancements to bolster IT governance.
• Proactively monitor IT security controls (data validation, authorization, encryption, audit logging, etc.) for key applications (on-premises and cloud-based) to identify weaknesses and potential vulnerabilities.
• Analyze security alerts and application security control deficiencies, recommending and implementing corrective actions.
• Regularly assess the effectiveness of IT security controls using defined metrics and indicators to identify areas for improvement.
• Collaborate with internal and external auditors during IT audits, providing technical expertise and insights.
• Ensure IT security controls operate efficiently and effectively, aligned with information security policies, standards, and compliance requirements.
• Identify and address gaps in security control design to mitigate cyber risks.
• Support the adoption of comprehensive application security processes and procedures, ensuring adherence to security best practices.
• Collaborate with cross-functional teams (product, development, security) to ensure a secure and seamless customer experience across platforms.
• Prepare regular reports on security control effectiveness and recommend enhancements to strengthen IT governance.
• Communicate effectively with technical and non-technical audiences regarding security controls and findings.

Minimum Requirements

• Bachelors degree required.
• 10+ years of Cybersecurity and Privacy experience, with a heavy background managing cybersecurity and privacy functions.
• Knowledge of information security and privacy management frameworks (example: ISO 27001/NIST CSF).
• Knowledge of Global and India Data protection laws and regulations. (example: GDPR, India DPDPA, SG PDPA etc.)
• Ability to communicate clearly and effectively with both technology/development and business partners. Strong relationship, team building and facilitation skills.
• Ability to translate technical/security issues to business users.
• Proven analytical and problem-solving abilities.
• Ability to independently influence others to achieve objectives.
• High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.

Preferred skills and experiences:

• Bachelors degree in computer science, information systems or equivalent.
• Security certifications to include: CISSP, CISM, CRISC, CISA and other technical certifications.
• Privacy Certifications to include: CIPM, CIPT, CIPP and other product specific certifications.
• MBA or Master's degree in a management, scientific, technical, or engineering field.
• Significant work experience with different regions/business units on risk management and leading information security initiatives.