המקום בו המומחים והחברות הטובות ביותר נפגשים
Information Security Lead need to be strong in the below mentioned areas:
Threat modelling
Security Testing (includes Dynamic, Static Security Testing),
Penetration Testing
Application Architecture review
Cloud Security Architecture Review
Define Security Use Cases
Cloud Platform Security
API Security
Open AI/GenAI Security
Data Lake Security
Modern Authentication
SDLAN Security
Network Segmentation
MITRE Attack Framework
Cyber Security Framework based on Industry Standard / Best Practices
CIS Baseline Validation
Microsoft Defender Implementation and Monitoring (Malware, EDR, ATP)
Microsoft 365 Security
Designing of Conditional Access Policy
You are responsible to:
Develop and maintain robust security controls to protect Philips business from security breaches/ incidents.
Deliver security demand from the business for security controls.
Gather Security Management Framework and information security architectural requirements and drive compliance of Enterprise IT systems against those requirements.
Manage risk profile of the IT-systems and Suppliers
Drive education and awareness activities across platform and Enterprise IT.
Evaluate new cybersecurity threats and IT trends and develops effective security controls.
Establish regular governance with service owners to review security controls status
Liaison with Philips Information Security Office in driving security Improvement Program
Evaluate potential security breaches, coordinates response, and recommend corrective actions.
Define and report on information security KPIs.
Organize the preparation of the security status dashboards including presentation to executive management.
Analyze application end to end, prepare threat modeling (STRIDE, PASTA & DREAD) based on different risk scenarios and dirve to fix those risks
Cloud Security Management that includes Security Posture Management, Security Baseling, Code validation for Infra As a Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard Firewall Management, Docker Security, Kubernetes securtiy
Prepare security use cases / functional requirements that new solutions need to meet. Validate those requirements are met when the solution is delivered
Perform API Security testing that includes – API inventory, logging and monitoring, API Gateway Security, API Services Security.
Exposure to network security which includes network segmentation, DDoS, Network Devices Security Baselining and monitoring, firewall rules review for any deviation.
Application Security – integration of security tooling with CI/CD pipeline, review of security reports and follow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code Review etc.
Identify risk with authentication and authorization protocols, mitigate risks with legacy authentication, design conditional access policy
Management of foundational security tooling e.g. tools like Defender, EDR, Vuln Mgmt, CMDB agent.
Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real threat actors.
Perform attack pattern analysis based on MITRE Attack framework, support solution development to address the pattern
Define Data Protection roadmap and work with architecture to meet the requirement. Deploy data protection tools like CASB, DLP etc.
Soft Skills
Excellent English language communication skills, both verbal and written. Cross-cultural etiquettes, customer centric and collaborative mindset.
Works autonomously within established procedures and practices.
Good command on stakeholder management, judgement, conflict resolution, risk & mitigations.
Provides leadership to the global team at strategic, tactical, and operational level
Maintains current knowledge of industry and regulatory trends and developments for the enterprise technology.
Specialized in a number of Security domains such as incident response, operational assessment of security posture, general security management.
Thorough understanding of Security Management principles, Security governance principles
Qualification
Bachelor’s or Master’s degree in Information Technology and or commensurate experience in delivering security solutions.
Overall Enterprise IT Security experience of 10 yrs or more.
Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.
In return, we offer you
• Learn more about .
• Discover .
• Learn more about .
משרות נוספות שיכולות לעניין אותך