Expoint - all jobs in one place

Finding the best job has never been easier

Limitless High-tech career opportunities - Expoint

Philips Information Security Lead 
India, Maharashtra 
893256946

06.09.2024
Information Security Lead
Job Description

Information Security Lead need to be strong in the below mentioned areas:

  • Threat modelling

  • Security Testing (includes Dynamic, Static Security Testing),

  • Penetration Testing

  • Application Architecture review

  • Cloud Security Architecture Review

  • Define Security Use Cases

  • Cloud Platform Security

  • API Security

  • Open AI/GenAI Security

  • Data Lake Security

  • Modern Authentication

  • SDLAN Security

  • Network Segmentation

  • MITRE Attack Framework

  • Cyber Security Framework based on Industry Standard / Best Practices

  • CIS Baseline Validation

  • Microsoft Defender Implementation and Monitoring (Malware, EDR, ATP)

  • Microsoft 365 Security

  • Designing of Conditional Access Policy

You are responsible to:

  • Develop and maintain robust security controls to protect Philips business from security breaches/ incidents.

  • Deliver security demand from the business for security controls.

  • Gather Security Management Framework and information security architectural requirements and drive compliance of Enterprise IT systems against those requirements.

  • Manage risk profile of the IT-systems and Suppliers

  • Drive education and awareness activities across platform and Enterprise IT.

  • Evaluate new cybersecurity threats and IT trends and develops effective security controls.

  • Establish regular governance with service owners to review security controls status

  • Liaison with Philips Information Security Office in driving security Improvement Program

  • Evaluate potential security breaches, coordinates response, and recommend corrective actions.

  • Define and report on information security KPIs.

  • Organize the preparation of the security status dashboards including presentation to executive management.

  • Analyze application end to end, prepare threat modeling (STRIDE, PASTA & DREAD) based on different risk scenarios and dirve to fix those risks

  • Cloud Security Management that includes Security Posture Management, Security Baseling, Code validation for Infra As a Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard Firewall Management, Docker Security, Kubernetes securtiy

  • Prepare security use cases / functional requirements that new solutions need to meet. Validate those requirements are met when the solution is delivered

  • Perform API Security testing that includes – API inventory, logging and monitoring, API Gateway Security, API Services Security.

  • Exposure to network security which includes network segmentation, DDoS, Network Devices Security Baselining and monitoring, firewall rules review for any deviation.

  • Application Security – integration of security tooling with CI/CD pipeline, review of security reports and follow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code Review etc.

  • Identify risk with authentication and authorization protocols, mitigate risks with legacy authentication, design conditional access policy

  • Management of foundational security tooling e.g. tools like Defender, EDR, Vuln Mgmt, CMDB agent.

  • Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real threat actors.

  • Perform attack pattern analysis based on MITRE Attack framework, support solution development to address the pattern

  • Define Data Protection roadmap and work with architecture to meet the requirement. Deploy data protection tools like CASB, DLP etc.

Soft Skills

  • Excellent English language communication skills, both verbal and written. Cross-cultural etiquettes, customer centric and collaborative mindset.

  • Works autonomously within established procedures and practices.

  • Good command on stakeholder management, judgement, conflict resolution, risk & mitigations.

  • Provides leadership to the global team at strategic, tactical, and operational level

  • Maintains current knowledge of industry and regulatory trends and developments for the enterprise technology.

  • Specialized in a number of Security domains such as incident response, operational assessment of security posture, general security management.

  • Thorough understanding of Security Management principles, Security governance principles

Qualification

  • Bachelor’s or Master’s degree in Information Technology and or commensurate experience in delivering security solutions.

  • Overall Enterprise IT Security experience of 10 yrs or more.

  • Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.

In return, we offer you

• Learn more about .
• Discover .
• Learn more about .