Philips
Location
Bangalore | India
Job description
Job Title – Information Security Manager
Job Location - Bangalore
In this role, you have the opportunity to
As a Senior Information Security Manager, you will be responsible for developing, implementing and monitoring a
strategic, comprehensive IT security program while ensuring compliance with regulatory requirements, and
mitigating risks to the organization's information assets. The Information Security Manager will provide the vision and
leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective
governance, system and infrastructure availability, integrity and confidentiality.
Key Responsibilities:
Information Security Strategy:
• Develop and execute a strategic information security plan aligned with organizational objectives.
• Establish and maintain policies, standards, and procedures to ensure the confidentiality, integrity, and
availability of healthcare information.
Risk Management:
• Identify and assess information security risks, conducting regular risk assessments and vulnerability
assessments.
• Develop and implement risk mitigation strategies and controls to protect against potential threats.
Compliance and Standards:
• Ensure compliance with relevant healthcare regulations, such as HIPAA and other industry-specific
standards.
• Stay abreast of changes in regulatory requirements and update policies and procedures accordingly.
Incident Response:
• Lead the development and execution of incident response plans.
• Coordinate responses to security incidents, conduct post-incident analysis, and implement corrective
actions.
Security Awareness and Training:
• Develop and deliver information security training programs for employees at all levels.
• Foster a culture of security awareness throughout the organization.
Security Architecture:
• Design and implement a robust security architecture, incorporating the latest technologies and best
practices.
• Collaborate with IT teams to ensure that security is integrated into system development and deployment
processes.
Vendor Management:
• Evaluate and manage the security posture of third-party vendors and partners.
• Establish and maintain strong relationships with vendors to ensure the security of products and services.
The Information Security Manager needs to have a strong understanding of the following areas:
• Threat modelling
• Security Testing (includes Dynamic and Static Security Testing)
• Application Architecture Review
• Information Security, Cloud & Network Security Architecture Review
• Define Security Use Cases
• Cloud Platform Security
• Data Lake Security
• Network Segmentation
• Cyber Security Framework Based on Industry Standard / Best Practices
• Microsoft Defender Implementation and Monitoring (Malware, EDR, ATP)
• Microsoft 365 Security
• Designing of Conditional Access Policy
You are responsible to:
• Develop and maintain robust security controls to protect Philips’s business from security breaches/
incidents.
• Deliver security demand from the business for security controls.
• Gather Security Management Framework and information security architectural requirements and drive
compliance of Enterprise IT systems against those requirements.
• Manage the risk profile of the IT systems and suppliers.
• Drive education and awareness activities across the platform and Enterprise IT.
• Evaluate new cybersecurity threats and IT trends and develop effective security controls.
• Establish regular governance with service owners to review security control status.
• Liaise with the Philips Information Security Office in driving the security improvement program.
• Evaluate potential security breaches, coordinate response, and recommend corrective actions.
• Define and report on information security KPIs.
• Organize the preparation of the security status dashboards, including presentation to executive
management.
• Analyze applications end to end, prepare threat models (STRIDE, PASTA & DREAD) based on different
risk scenarios and drive the remediation of those risks.
• Cloud Security Management that includes Security Posture Management, Security Baseline, Code
validation for Infra as Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard,
Firewall Management, Docker Security, Kubernetes Security.
• Prepare security use cases / functional requirements that new solutions need to meet. Validate that those
requirements are met when the solution is delivered.
• Perform API Security testing that includes API inventory, logging and monitoring, API Gateway Security,
API Services Security.
• Exposure to network security, which includes network segmentation, DDoS, Network Devices Security
Baselining and monitoring, and firewall rules review for any deviation.
• Application Security – integration of security tooling with the CI/CD pipeline, review of security reports and
follow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code
Review etc.
• Identify risks with authentication and authorization protocols, mitigate risks with legacy authentication,
design conditional access policy.
• Management of foundational security tooling, e.g. Defender, EDR, Vuln Mgmt, CMDB agent.
• Perform Defensive / Offensive assessments on IT environment/applications to simulate attacks from real
threat actors.
• Perform attack pattern analysis based on the MITRE ATT&CK framework, support solution development to
address the pattern.
• Define the Data Protection roadmap and work with architecture to meet the requirement. Deploy data
protection tools like CASB, DLP etc.
You are a part of
Enterprise IT Security team working closely with Enterprise IT, IT Platform Leaders, CIO and CISO.
To succeed in this role, you should have the following skills and experience
Soft Skills
• Excellent English language communication skills, both verbal and written. Cross-cultural etiquette,
customer-centric and collaborative mindset.
• Works autonomously within established procedures and practices.
• Good command of stakeholder management, judgement, conflict resolution, risk & mitigations.
• Provides leadership to the global team at strategic, tactical, and operational levels.
• Maintains current knowledge of industry and regulatory trends and developments for enterprise
technology.
• Specialized in several Security domains such as incident response, operational assessment of security
posture, and general security management.
• Thorough understanding of Security Management principles, Security governance principles.
Qualification
• Bachelor’s or Master’s degree in Information Technology and/or commensurate experience in delivering
security solutions.
• Overall Enterprise IT Security experience of 10 yrs or more.
• Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.
In return, we offer you
A warm welcome to a challenging, innovative environment with great opportunities for you to explore. Quality is
right on the top of Philips leadership agenda and that means you have the unique opportunity to come in and have
a recognized voice to drive and witness exciting, transformational changes. You will be empowered to drive high-quality,
groundbreaking innovations with a globally recognized, premium brand behind you. Next to that, a
rewarding career in Philips with an attractive package.
Why should you join Philips
Working at Philips is more than a job. It’s a calling to create a healthier society through meaningful work, focused
on improving 2.5 billion lives a year by delivering innovative solutions across the health continuum. Our people
experience a variety of unexpected moments when their lives and careers come together in meaningful ways.
Learn more by watching this video.
To find out more about what it’s like working for Philips at a personal level, visit the Working at Philips page on our
career website, where you can read stories from our employee blog. Once there, you can also learn about our
recruitment process, or find answers to some of the frequently asked questions.