JobNob

Your Career. Our Passion.

Manager (Infosec-Risk Management)


HDFC Life


Location

Mumbai | India


Job description

What does the job entail?

The person appointed will be part of the Global Information Security Team and responsible for defining and embedding best-practice information security policies, standards and processes based on ISO 27001, NIST Cyber Security Framework (CSF), etc. for HDFC Pension. Reporting to the Chief Information Security Officer, this role will principally advise and enable technical teams to make security decisions and provide advice and guidance, ensuring the effective use of common tools and patterns. The role carries a proactive responsibility to assist in the delivery of secure systems and implement proportionate controls by working with Business, Risk, IT teams and 3rd party vendors.

Roles and Responsibilities:

• Implementing policies and procedures to keep your organization in compliance with current legislation and standards.
• Providing employees with security training. It is critical that all employees understand how their everyday job actions affect the overall security of the company. Training staff on defined policies and procedures on an ongoing basis.
• Facilitating corrective and preventive action if an employee breaks the policies or procedures. Understanding the security threats connected with various job functions is part of this.
• Collaborating with employees to understand how the policies affect their regular work activities.
• Keeping the infrastructure secure by supervising the IT auditing procedure (e.g., penetration testing, vulnerability assessments, etc.). You will also be in charge of assessing all audit results and making necessary infrastructure adjustments.
• Ensuring that the company's data is protected using the most secure technologies available. This means you'll have to keep up with new threats, vulnerabilities, and exploits as they emerge.
• Being aware of any potential harm new threats may cause to your network infrastructure and existing security procedures.
• Maintaining the security of all applications, networks, and systems that interact with the outside world. This involves ensuring that all third-party service providers are held to the same security standards as the internal users.
• Serving as a point of contact for high-risk vulnerabilities and occurrences. This includes assessing the risk associated with new threats, vulnerabilities, and exploits before deciding how to respond to them. You must also be able to make decisions about when to tell senior management about emerging threats and their possible impact on your organization's infrastructure.
• Leading on compliance reviews, certifications and accreditations (e.g. ISO 27001, Cyber Essentials, DPDP Act etc.).
• Implementing effective and appropriate GRC controls and measures to protect systems and data.
• Identifying, communicating and managing current and emerging security threats with relevant stakeholders.
• Developing information security compliance frameworks, security policies and procedures, where necessary.
• Working with business, internal IT and 3rd party vendor teams to promote and adopt security best practices.
• Validating IT infrastructure and other reference architectures for security best practices and recommending changes to enhance security and reduce risks, where applicable.
• Working with the Global Information Security Team, security partners and the Managed Security Service Provider (MSSP) to conduct and review regular security assessments (pen tests, vulnerability scans, etc.) of vendors and solutions (SaaS, IaaS providers and MSSP).

Work Experience/Qualification:

• Comprehensive understanding of Information Security Frameworks (e.g. ISO 27001, NIST CSF, COBIT etc.).
• Monitoring and reporting on compliance with security and data protection policies, as well as the enforcement of policies.
• Working knowledge of Security Architecture and the potential security issues related to PaaS, IaaS and SaaS, and understanding of IAM and Data Loss Prevention in a Microsoft Azure environment.
• Knowledge of security technologies such as IDS/IPS, vulnerability testing and firewalls.
• Familiarity with HMG Security Policy Framework requirements and Government Security Classifications.

