Organisation is building their Information Security and IT Risk capabilities to cater to growing Information Security , Risk and assurance needs of their business, clients and regulatory requirements. The capabilities being developed cater to different areas of Information Security (Governance, Risk & Compliance), IT Client Support & Supplier Assurance, Cyber Defence Centre and IT Risk & Assurance. Mumbai is being developed as Global Cyber Security Centre of Expertise and is responsible as well accountable for the delivery of the services provided by the IS & IT Risk function globally. This role will support a global function of Incident Management Organisation Information Security as well as the operation of a business as usual capability. Lead a leveraged incident response team and effectively perform incident response task. Presents incident response report and lessons learned to management. Identify and recommend process improvements. Provide security control enhancement recommendations based on security incident data. Mature the Security Incident Response process to ensure it meets the needs of the global business and is adhered to. Respond and perform technical security investigations on security incidents, root cause analysis, recommend and mitigate the effects caused by an incident. Communicate and build effective relationships with people at all levels. Demonstrate that you are an effective communicator (both verbally and in writing) and a supportive team player, taking a consultative rather than confrontational approach whilst maintaining the integrity and independence of the Information Security function.
Manager or manager of people (to include number of reports) or individual contributor: Individual contributor
Geographic scope of role: Global
Budgetary and risk management responsibilities: N/A
Revenue responsibilities: N/A
*Incident Management (75 %):
- Confirming whether reported incidents are actually security incidents
- Classifying the incident according to Organisations incident classification categories
- Managing security incidents to ensure they are confirmed, contained, and remediated in a timely manner
- Escalating incidents within Information Security when required
- Ensuring a root cause analysis is performed when appropriate
- Ensuring all required documentation is recorded
- Operationalize actionable intelligence reports from the Threat Intelligence team and external sources
- Coordinate the initial workflow and response for varying incident types with internal and external teams
- Collaborate with operational support staff to ensure they are actively engaged in potential security threats and concerns
- Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
- Communicates alerts regarding intrusions and compromises to network infrastructure, applications and operating systems along with Data Leakage incidents.
- The candidate must have insight into industry trends, current attack techniques, threat intelligence .
- Constantly evaluate the ever-changing threat landscape, take feedback from stakeholders, clients to determine any gaps organization may have with their existing policies and programs
*Business As Usual (25%)
- Supporting business and clients requirements, including responding to client enquiries which come to the ad-hoc mailbox.
- Forwarding enquiries to the appropriate teams
- Undertaking such other tasks and responsibilities as assigned by the CISO / ISM
#Communications and Relationships:
- With the CISO, IT Security Directors and security team; Information Security Programme Manager and project managers, Risk & Compliance, Legal, Audit, IT, Procurement and other support functions as well as operational management and client-facing teams.
*External: Customers and suppliers
- Global Business Knowledge
- Cross-Cultural Resourcefulness
- Cross-Cultural Agility
- Assignment Hardiness
- Cross-Cultural Sensitivity
- Conflict Management
- Organizational Agility
- Customer Focus
- Integrity and Trust
- Personal Learning
#Required Qualifications, Skills, Knowledge, Experience:
- Qualified to degree level, preferably in a business, IT or security related subject.
- Be interested in developing skills and knowledge in information security, and willing to work towards appropriate professional qualifications, such as Security+, CEH, CHFI & CISSP.
- Formal training in security, risk management or compliance is beneficial.
- Whilst this is not a hands-on technical role, the role holder will be expected to demonstrate a strong awareness of technology and how IT is used to enable business processes.
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks
- Ability to work with business, security, Legal, and IT representatives
- Ability to document and escalate Security Incidents including events, history, status, and potential impact
- Proven ability to work in global collaborative group environment
- Experience working with a high degree of autonomy, managing own workload and delivering to tight timescales
- Strong communication skills, both oral and written
- Strong organizational skills
- Basic understanding of global privacy and breach notification requirements
- Basic understanding of chain of custody and evidence preservation
- Organised and methodic
Having forged a strong network of corporate relations, with our ability to serve them for HR... requirements and training Programmes with our Expertise acquired through years, Finish assignments before deadlines, along with being accurate to the requirements, has made us a force in reckoning. Read full description