Philips Information Security Lead 

India, Maharashtra 

893256946

Information Security Lead
Job Description

Information Security Lead need to be strong in the below mentioned areas:

• Threat modelling

• Security Testing (includes Dynamic, Static Security Testing),

• Penetration Testing

• Application Architecture review

• Cloud Security Architecture Review

• Define Security Use Cases

• Cloud Platform Security

• API Security

• Open AI/GenAI Security

• Data Lake Security

• Modern Authentication

• SDLAN Security

• Network Segmentation

• MITRE Attack Framework

• Cyber Security Framework based on Industry Standard / Best Practices

• CIS Baseline Validation

• Microsoft Defender Implementation and Monitoring (Malware, EDR, ATP)

• Microsoft 365 Security

• Designing of Conditional Access Policy

You are responsible to:

• Develop and maintain robust security controls to protect Philips business from security breaches/ incidents.

• Deliver security demand from the business for security controls.

• Gather Security Management Framework and information security architectural requirements and drive compliance of Enterprise IT systems against those requirements.

• Manage risk profile of the IT-systems and Suppliers

• Drive education and awareness activities across platform and Enterprise IT.

• Evaluate new cybersecurity threats and IT trends and develops effective security controls.

• Establish regular governance with service owners to review security controls status

• Liaison with Philips Information Security Office in driving security Improvement Program

• Evaluate potential security breaches, coordinates response, and recommend corrective actions.

• Define and report on information security KPIs.

• Organize the preparation of the security status dashboards including presentation to executive management.

• Analyze application end to end, prepare threat modeling (STRIDE, PASTA & DREAD) based on different risk scenarios and dirve to fix those risks

• Cloud Security Management that includes Security Posture Management, Security Baseling, Code validation for Infra As a Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard Firewall Management, Docker Security, Kubernetes securtiy

• Prepare security use cases / functional requirements that new solutions need to meet. Validate those requirements are met when the solution is delivered

• Perform API Security testing that includes – API inventory, logging and monitoring, API Gateway Security, API Services Security.

• Exposure to network security which includes network segmentation, DDoS, Network Devices Security Baselining and monitoring, firewall rules review for any deviation.

• Application Security – integration of security tooling with CI/CD pipeline, review of security reports and follow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code Review etc.

• Identify risk with authentication and authorization protocols, mitigate risks with legacy authentication, design conditional access policy

• Management of foundational security tooling e.g. tools like Defender, EDR, Vuln Mgmt, CMDB agent.

• Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real threat actors.

• Perform attack pattern analysis based on MITRE Attack framework, support solution development to address the pattern

• Define Data Protection roadmap and work with architecture to meet the requirement. Deploy data protection tools like CASB, DLP etc.

Soft Skills

• Excellent English language communication skills, both verbal and written. Cross-cultural etiquettes, customer centric and collaborative mindset.

• Works autonomously within established procedures and practices.

• Good command on stakeholder management, judgement, conflict resolution, risk & mitigations.

• Provides leadership to the global team at strategic, tactical, and operational level

• Maintains current knowledge of industry and regulatory trends and developments for the enterprise technology.

• Specialized in a number of Security domains such as incident response, operational assessment of security posture, general security management.

• Thorough understanding of Security Management principles, Security governance principles

Qualification

• Bachelor’s or Master’s degree in Information Technology and or commensurate experience in delivering security solutions.

• Overall Enterprise IT Security experience of 10 yrs or more.

• Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.

In return, we offer you

• Learn more about .
• Discover .
• Learn more about .