IT- Security

Responsibilities:

Process Implementation:

Work with process owner on the Implementation of Policies and procedures Ensure new request for new process / procedure are delivered as agreed Analyse the effectiveness of current process in order to Improve workflow effectiveness and perform design or redesign of process to improve the operational efficiency Ensure process review calendar in place and conducted as per schedule and ensure complete Integration of all process and linkage to best practises Work with team to manage alignment between defined process Ensure new / changed process to communicate to all stake holders

Vulnerability Management:

Validation of VA Scope on Half-yearly basis Coordination with Security Team / EY for performing VA as per the Scope Review Half-yearly VA reports received from EY with Security Team and Publish to Technology SPOC for remediation Coordinate with Technical Teams on remediate status on review remediation evidence Publish VA Report and Dashboard to stakeholders Perform Trend analysis on Vulnerabilities Review process of an annual basis or as and when there is change and suggest Improvements and modifications

Customer RFP Responses:

Respond to Compliance Questions in RFP Coordinate with Technical teams on Responses Discuss and Obtain Concurrence on Deviation in Compliance Requirements

Access Management:

Review and Process logical access to third party and vendor to Infrastructure for collaboration Review of logical and Physical access controls Ensure Implementation of access control polices on Infrastructure devices and physical Locations Build and Maintain access baseline as per roles and Responsibilities Continuous improvement in access control framework such as automation Review Hardening Baselines in line with updated CIS benchmarks Review access control Policies and procedures for change and incorporate appropriately

Audits:

Ensure Internal audits are carried out as per schedule Coordinate with Teams during audit Collate, review and submit the evidence from teams to audit within agreed timelines Ensure Audits are carried out as per schedule Coordinate with Teams during audit Collate, review and submit the evidence from teams to audit within agreed timelines Follow-up on post audit remediation and closures of findings Risk Assessments:Perform Risk Assessment for IT Infrastructure and Components in ISMS scope for India, US and UK Prepare Risk Dashboard and Publish to stakeholders Track Risk Remediation and Ensure Remediation Ensure participation in Management forum and provide Update on ISMS Track and close actions Identified in MR Participate in the weekly meeting and Monthly Digital Operations Review Meeting Track and close actions Identified in Digital Operations Review Develop, enhance Cyber Security solutions / Services roadmap, services catalogue and teamEvaluate and implement Cyber Security, Information Security solutions, in line with market treads and Business requirementsBuild partnerships with Security products and solution providers capable of delivering solutions globallyLead, strategize team training in Security solution and products

Qualifications:

Should have at least 10 years of experience in IT Services / Professional ServicesShould have prior experience playing a role of a manager or lead or head of information security practice in a pharma or IT Services companyExperience in Cyber Security, Information Security as a leader, with experience leading strategic initiatives, establishing partnerships and teamsNeed experience building a practice, team and in leading & owning the cyber security practices for the organizationCertified ISO auditor and hands of experience in implementing and manging the ISO 27001 frameworkShould be able to work independently and interact with functional team members to achieve targetsRoles and Responsibilities

---