Philips Sr Information Security Manager 

India, Karnataka 

733360211

Sr. Information Security Manager
Job Description

As a Senior Information Security Manager, you will be responsible for developing, implementing and monitoring a
strategic, comprehensive IT security program while ensuring compliance with regulatory requirements, and
mitigating risks to the organization's information assets. Information Security Manager will provide the vision and
leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective
governance, system and infrastructure availability, integrity and confidentiality.
Key Responsibilities:

• Develop and execute a strategic information security plan aligned with organizational objectives.
• Establish and maintain policies, standards, and procedures to ensure the confidentiality, integrity, and
availability of healthcare information.• Identify and assess information security risks, conducting regular risk assessments and vulnerability
assessments.
• Develop and implement risk mitigation strategies and controls to protect against potential threats.• Ensure compliance with relevant healthcare regulations, such as HIPAA and other industry-specific
standards.
• Stay abreast of changes in regulatory requirements and update policies and procedures accordingly.• Lead the development and execution of incident response plans.
• Coordinate responses to security incidents, conduct post-incident analysis, and implement corrective
actions.• Develop and deliver information security training programs for employees at all levels.
• Foster a culture of security awareness throughout the organization.• Design and implement a robust security architecture, incorporating the latest technologies and best
practices.
• Collaborate with IT teams to ensure that security is integrated into system development and deployment
processes.• Evaluate and manage the security posture of third-party vendors and partners.
• Establish and maintain strong relationships with vendors to ensure the security of products and services.

Information Security Manager needs to have a strong understanding of the below-mentioned areas:

• Threat modelling
• Security Testing (includes Dynamic and static Security Testing),
• Application Architecture review
• Information Security, Cloud & Network Security Architecture Review
• Define Security Use Cases
• Cloud Platform Security
• Data Lake Security
• Network Segmentation
• Cyber Security Framework Based on Industry Standard / Best Practices
• Microsoft Defender Implementation and Monitoring (Malware, EDR, ATP)
• Microsoft 365 Security
• Designing of Conditional Access Policy

• Develop and maintain robust security controls to protect Philips’s business from security breaches/
incidents.
• Deliver security demand from the business for security controls.
• Gather Security Management Framework and information security architectural requirements and drive
compliance of Enterprise IT systems against those requirements.
• Manage the risk profile of the IT systems and Suppliers
• Drive education and awareness activities across the platform and Enterprise IT.
• Evaluate new cybersecurity threats and IT trends and develop effective security controls.
• Establish regular governance with service owners to review security control status
• Liaison with Philips Information Security Office in driving the security Improvement Program
• Evaluate potential security breaches, coordinate response, and recommend corrective actions.
• Define and report on information security KPIs.
• Organize the preparation of the security status dashboards including presentation to executive
management.
• Analyze application end to end, prepare threat modelling (STRIDE, PASTA & DREAD) based on different
risk scenarios and drive to fix those risks
• Cloud Security Management that includes Security Posture Management, Security Baseline, Code
validation for Infra As a Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard
Firewall Management, Docker Security, Kubernetes security
• Prepare security use cases / functional requirements that new solutions need to meet. Validate those
requirements are met when the solution is delivered
• Perform API Security testing that includes – API inventory, logging and monitoring, API Gateway Security,
API Services Security.
• Exposure to network security which includes network segmentation, DDoS, Network Devices Security
Baselining and monitoring, and firewall rules review for any deviation.
• Application Security – integration of security tooling with CI/CD pipeline, review of security reports and
follow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code
Review etc.
• Identify risk with authentication and authorization protocols, mitigate risks with legacy authentication,
design conditional access policy
• Management of foundational security tooling e.g. tools like Defender, EDR, Vuln Mgmt, CMDB agent.
• Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real
threat actors.
• Perform attack pattern analysis based on MITRE Attack framework, support solution development to
address the pattern
• Define Data Protection roadmap and work with architecture to meet the requirement. Deploy data
protection tools like CASB, DLP etc.

To succeed in this role, you should have the following skills and experience
Soft Skills

• Excellent English language communication skills, both verbal and written. Cross-cultural etiquette,
customer-centric and collaborative mindset.
• Works autonomously within established procedures and practices.
• Good command of stakeholder management, judgement, conflict resolution, risk & mitigations.
• Provides leadership to the global team at strategic, tactical, and operational levels
• Maintains current knowledge of industry and regulatory trends and developments for enterprise
technology.
• Specialized in several Security domains such as incident response, operational assessment of security
posture, and general security management.
• Thorough understanding of Security Management principles, Security governance principles

• Bachelor’s or Master’s degree in Information Technology and or commensurate experience in delivering
security solutions.
• Overall Enterprise IT Security experience of 10 yrs or more.
• Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.