Job Description
Specific job responsibilities include:
- Assist Philips business units in the development and implementation of product security and privacy practices including policies, standards, guidelines, and procedures.
- Verify that security and privacy requirements defined in the security plans, policies, and procedures are followed and protection measures are functioning as intended.
- Conduct security and privacy reviews to determine compliance.
- Guide the business unit in their management of the resolution of security audit or review findings.
- Provide security risk management and security advice as well as advice on strategic direction relating to product and information security.
- Work with deployment/operations information security officer to proactively and cooperatively communicate and mitigate risks.
- Assist with security incidents and review risk and impact of breaches to protected systems.
- Participate in architecture and design of services providing information and product security advice.
- Review proposed services, engineering changes, and feature requests for security implications and needed security controls.
Technical skills and experience:
- 10 - 14 years of security experience including responsibility for the security of a software application and IT infrastructure including defining product security roadmap
- Product/Information security experience in all phases of service development and deployment including architecture, design, development, testing, release, and operational maintenance
- Incident management, including analysis and response
- Experience in designing security solutions.
- Experience in assessing the security of IaaS, PaaS, and SaaS platforms would be helpful
- Experience with software development, especially skills in programming languages and frameworks such as Java, Spring, SOAP & REST API in a Linux/Tomcat environment, will be helpful
- Sound understanding of cryptography, various encryption algorithms, Public Key Infrastructure (PKI) and Certificate Authority (CA).
- Global working experience in enterprise application development & Cloud Computing
- Technical leadership experience in the Software Security field.
- Experience and knowledge of penetration testing methodologies and tools.
- Conducting information security analyses, audits, and reviews
- Exposure to laws and regulations on privacy, data protection, and breach notification (95/46/EC, GDPR, HIPAA, PIPEDA, ISO/TS 14265, 21CFR820, SB1386, etc.)
- Bachelor's degree in a technical stream required (BE, ME, MS, MCA)
- Degree or concentration in Computer Science, Information Systems, Information Security or similar preferred.
The ideal candidate will have one of the following certifications:
- Security - CISSP, CISM, SABSA, CEH
- Privacy - CIPP, CIPM, CIPT