IT Application Cybersecurity Manager

Job Title: IT Application Cybersecurity Manager

Location: HO, Mumbai, India

Department: Cybersecurity

Reports To: Chief Information Security Officer (CISO)

Working Days: WFO 6 days (Off on the 2nd and 4th Saturdays)

Job Summary: We are seeking an experienced IT Application Cybersecurity Manager to lead our cybersecurity efforts focused on application security within our organization. The ideal candidate will have over 10 years of experience in cybersecurity, with a strong emphasis on application security in a manufacturing setting. This role is critical in ensuring the security and compliance of our applications and related infrastructure.

Key Responsibilities:

• Develop and Implement Security Strategies: Create and enforce comprehensive cybersecurity strategies and policies tailored to application security, ensuring alignment with overall enterprise cybersecurity programs and regulatory requirements.
• CI/CD Architecture: Design and implement secure CI/CD pipelines to ensure the integrity and security of application deployments.
• Security by Design: Integrate security best practices into the application development lifecycle from the initial design phase.
• Privacy by Design: Ensure that privacy considerations are embedded into the design and development of applications.
• Vulnerability Assessment and Penetration Testing (VAPT): Conduct regular VAPT for applications to identify and mitigate security vulnerabilities.
• Secure Software Development Lifecycle (SDLC): Oversee the implementation of secure SDLC practices to ensure the development of secure applications.
• Application Compliance: Ensure that all applications comply with relevant cybersecurity regulations and standards, such as GDPR, ISO/IEC 27001, and industry-specific guidelines.
• DevSecOps: Integrate security practices into the DevOps processes to ensure continuous security throughout the development and deployment lifecycle.
• API Security: Implement and manage security measures for APIs to protect against threats and vulnerabilities.
• Oracle ERP Security: Ensure the security of Oracle ERP systems, including access controls, data protection, and compliance.
• Container Security: Implement security measures for containerized applications and manage container security tools.
• Dockets Security: Oversee the security of docketing systems to ensure data integrity and confidentiality.
• User Access Review (UAR): Conduct regular user access reviews to ensure appropriate access controls are in place.
• OWASP Top 10: Ensure that applications are developed and maintained in accordance with the OWASP Top 10 security guidelines.
• Risk Management: Conduct thorough risk assessments of application systems, networks, and assets to identify vulnerabilities and implement mitigation measures.
• Compliance and Standards: Ensure compliance with relevant cybersecurity regulations and standards, such as GDPR, ISO/IEC 27001, and industry-specific guidelines.
• Incident Response: Lead the response to cybersecurity incidents related to applications, including investigation, containment, eradication, and recovery efforts.
• Audit and Assessment: Conduct regular audits and security assessments to evaluate and enhance the organization's application security posture.
• Collaboration: Work closely with IT, development, and operations teams to integrate cybersecurity measures seamlessly into application development and deployment processes.
• Monitoring and Reporting: Oversee the continuous monitoring of application systems for potential security threats and develop regular reports on cybersecurity metrics and incidents.
• Training and Awareness: Develop and deliver cybersecurity training programs to enhance the security awareness of all employees, particularly those working with application systems.
• Technology Management: Evaluate, implement, and manage cybersecurity technologies and tools specific to application security, such as web application firewalls, vulnerability scanners, and secure coding practices.

Qualifications:

• Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A master's degree is preferred.
• Experience: Over 10 years of experience in cybersecurity, with at least 5 years focused on application security in a manufacturing environment.
• Certifications: Relevant certifications such as CISSP, CISM, CRISC, or similar are highly desirable.
• Technical Skills: Strong understanding of application security principles, CI/CD architecture, cybersecurity frameworks (e.g., NIST, ISO/IEC 27001), and risk management practices

Leadership: Proven experience in managing and leading cybersecurity teams, with excellent communication and interpersonal skills

Problem-Solving: Strong analytical and problem-solving abilities, with a proactive approach to identifying and addressing security challenges

Preferred Skills:

• Experience with secure software development lifecycle (SDLC) practices.
• Knowledge of the latest cybersecurity threats and trends specific to application security.
• Familiarity with disaster recovery and business continuity planning.