Philips Information Security Lead 

India, Karnataka 

961027416

Information Security Lead
Job Description

Information Security Lead need to be strong in the below mentioned areas:

• Threat modelling

• Security Testing (includes Dynamic, Static Security Testing),

• Penetration Testing

• Application Architecture review

• Cloud Security Architecture Review

• Define Security Use Cases

• Cloud Platform Security

• API Security

• Open AI/GenAI Security

• Data Lake Security

• Modern Authentication

• SDLAN Security

• Network Segmentation

• MITRE Attack Framework

• Cyber Security Framework based on Industry Standard / Best Practices

• CIS Baseline Validation

• Microsoft Defender Implementation and Monitoring (Malware, EDR, ATP)

• Microsoft 365 Security

• Designing of Conditional Access Policy

You are responsible to:

• Develop and maintain robust security controls to protect Philips business from security breaches/ incidents.

• Deliver security demand from the business for security controls.

• Gather Security Management Framework and information security architectural requirements and drive compliance of Enterprise IT systems against those requirements.

• Manage risk profile of the IT-systems and Suppliers

• Drive education and awareness activities across platform and Enterprise IT.

• Evaluate new cybersecurity threats and IT trends and develops effective security controls.

• Establish regular governance with service owners to review security controls status

• Liaison with Philips Information Security Office in driving security Improvement Program

• Evaluate potential security breaches, coordinates response, and recommend corrective actions.

• Define and report on information security KPIs.

• Organize the preparation of the security status dashboards including presentation to executive management.

• Analyze application end to end, prepare threat modeling (STRIDE, PASTA & DREAD) based on different risk scenarios and dirve to fix those risks

• Cloud Security Management that includes Security Posture Management, Security Baseling, Code validation for Infra As a Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard Firewall Management, Docker Security, Kubernetes securtiy

• Prepare security use cases / functional requirements that new solutions need to meet. Validate those requirements are met when the solution is delivered

• Perform API Security testing that includes – API inventory, logging and monitoring, API Gateway Security, API Services Security.

• Exposure to network security which includes network segmentation, DDoS, Network Devices Security Baselining and monitoring, firewall rules review for any deviation.

• Application Security – integration of security tooling with CI/CD pipeline, review of security reports and follow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code Review etc.

• Identify risk with authentication and authorization protocols, mitigate risks with legacy authentication, design conditional access policy

• Management of foundational security tooling e.g. tools like Defender, EDR, Vuln Mgmt, CMDB agent.

• Perform Defensive / Offensive assessment on ITenvironment/applicationsto simulate attacks from real threat actors.

• Perform attack pattern analysis based on MITRE Attack framework, support solution development to address the pattern

• Define Data Protection roadmap and work with architecture to meet the requirement. Deploy data protection tools like CASB, DLP etc.

To succeed in this role, you should have the following skills and experience

Soft Skills

• Excellent English language communication skills, both verbal and written. Cross-cultural etiquettes, customer centric and collaborative mindset.

• Works autonomously within established procedures and practices.

• Good command on stakeholder management, judgement, conflict resolution, risk & mitigations.

• Provides leadership to the global team at strategic, tactical, and operational level

• Maintains current knowledge of industry and regulatory trends and developments for the enterprise technology.

• Specialized in a number of Security domains such as incident response, operational assessment of security posture, general security management.

• Thorough understanding of Security Management principles, Security governance principles

Qualification

• Bachelor’s or Master’s degree in Information Technology and or commensurate experience in delivering security solutions.

• Overall Enterprise IT Security experience of 8 years or more.

• Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.