Roles and Responsibilities
Head of Security / Chief Information Security Officer
The head of security is responsible for all aspects of information security for DoP’s systems in ensuring Confidentiality, Integrity, and Availability of its IT systems both proactively and reactively. He/She Ensures highly secure and compliant computing architectures and security systems are implemented along with certifications to address the security, risk, and compliance needs of DoP’s applications, IT infrastructure, Network, and cloud-native workloads. He/She is also responsible for implementation of Security Operating Procedure related security dashboard. He/She takes on the continual development of security process and controls across DoP business.
Responsibilities and Duties
Supports the business in implementing architecture and security systems to meet security and compliance requirements to drive down information security risk.
Defends the business by building and implementing security process and procedure to protect and respond to risk.
Promotes responsible behavior by improving the culture internally to ensure all staff are protecting against possible security incidents.
Continuous improvement by ensuring security updates and implemented as and when necessary.
Build the security team and help towards ISO27001 implementation.
Ensures security documentation and leads DoP through security compliance processes, accreditations, and/or authority to operate lifecycles.
Design security architectures to meet DoP’s data classifications' requirements, including privacy legislation and its impact on technical architecture.
Manage the development, refresh, and implementation of security
policies, standards, guidelines, and procedures.
Implements remedies for latest and emerging vulnerabilities.
Recognize areas for security improvements within the platform’s automation, access controls, network, automated compliance, alerting, and forensics
Define and support secure continuous delivery approaches including tooling and automated testing.
Provide regular reports auditing DoP’s current services and latest changes, as well as our internal practices.
Responsible for guiding the security teams in planning, implementing, and managing the overall system security strategy.
Implement new processes with the goal to optimize DoP's security system.
Recommend security systems based on findings of security inspection.
Establish & deliver centralized reporting within DoP on the effectiveness of the information & product security function and its performance against strategic objectives.
Prioritize design of the DoP Process Framework processes (including resource allocation) based on the agreed compliance requirements, business requirements and the underpinning IT.
Support/localize product & information security awareness, training, and education programs.
Establishing, prioritizing, and approving the compliance, regulatory & interface requirements, high level project planning, changes, improvements, and defect corrections.
Support a change control board which monitors and controls the ongoing processes and IT tool to meet current and new business requirements,
manage change requests and works with other systems/processes.
Bachelor’s degree in engineering, computer science, or computer
Security specialist certification such as CISSP/CISM/CRISC or above preferred.
20+ years in implementation/consulting experience with Security, Compliance, and Risk Management including a mix of hands-on technical architecture work along with compliance and oversight
Great understanding of ISO27001, certification/recertification, implement policy according to legislation
Security Auditing experience
Business process understanding, able to understand general business operation activities to avoid business down time.
Expert knowledge and implementation experience of information security principles, policy enforcement, operating systems, web applications, and a high-level of familiarity with malicious code uses, OWASP Top 10, and common techniques used by hackers.t
Thorough understanding of Network & Security BoQ their implementation in IT infrastructure, CDN & applications.
Hands-on experience with secure networking design concepts, services such as DNS, HTTPS, and TLS, as well as securing software-defined systems.
Understanding of network security (incl. Network and Host IDS/IPS, WAF, SIEM, Antimalware, DLP, URL filtering, IDAM, SSO, other)
Experience with incident response, and understanding malwares such as worms, viruses and trojans and counter measures. Experience in designing architectures to meet security and compliance requirements for public sector entities.
Experience building Security documentation packages and leading organizations through Security compliance processes, accreditations, and/or authority to operate life cycles.
Experience presenting Security technical and compliance material to both
technical and non-technical DoP customers.
Experience in working with multi-functional teams and large teams especially in the public sector
Experience with Hybrid & Multi-Cloud security architectures.
Experience in the design, implementation, and certification of security controls.
Experience with managing the security implications of migrations from on prem /Mainframe to Cloud; and designing security postures for Cloud native applications.
Experience In developing and implementing security operating procedure
Experience of Root Cause Analysis
Fantastic leadership skills (proven)
Problem analysis and resolution ability
Able to communicate well at senior and board level to help others understand risk.
Attention to detail.
Excellent organizational skills.
Strong team player.
Collaboration with various stakeholders across teams.
Capable of working independently.
Proactive initiative skills.
*Qualification and Experience may be relaxed in case of exceptional Candidates
Role:IT Security - Other
Salary: Not Disclosed by Recruiter
Industry:IT Services & Consulting
Functional AreaIT & Information Security
Role CategoryIT Security
Employment Type:Full Time, Temporary/Contractual
UG:B.Tech/B.E. in Any Specialization
National Institute for Smart Government (NISG)