Head Security – DOP – Delhi
Roles and Responsibilities
Job Title
Head of Security / Chief Information Security Officer
Job Overview
The head of security is responsible for all aspects of information security for DoP’s systems, ensuring the Confidentiality, Integrity, and Availability of its IT systems both proactively and reactively. He/She ensures that highly secure and compliant computing architectures and security systems are implemented, along with certifications, to address the security, risk, and compliance needs of DoP’s applications, IT infrastructure, network, and cloud-native workloads. He/She is also responsible for implementation of the security dashboard related to the Security Operating Procedure. He/She takes on the continual development of security processes and controls across DoP business.
Responsibilities and Duties
Supports the business in implementing architecture and security systems to meet security and compliance requirements to drive down information security risk.
Defends the business by building and implementing security process and procedure to protect and respond to risk.
Promotes responsible behavior by improving the culture internally to ensure all staff are protecting against possible security incidents.
Continuous improvement by ensuring security updates are implemented as and when necessary.
Build the security team and help towards ISO27001 implementation.
Ensures security documentation and leads DoP through security compliance processes, accreditations, and/or authority to operate lifecycles.
Design security architectures to meet DoP’s data classifications' requirements, including privacy legislation and its impact on technical architecture.
Manage the development, refresh, and implementation of security policies, standards, guidelines, and procedures.
Implements remedies for latest and emerging vulnerabilities.
Recognize areas for security improvements within the platform’s automation, access controls, network, automated compliance, alerting, and forensics.
Define and support secure continuous delivery approaches including tooling and automated testing.
Provide regular reports auditing DoP’s current services and latest changes, as well as our internal practices.
Responsible for guiding the security teams in planning, implementing, and managing the overall system security strategy.
Implement new processes with the goal to optimize DoP's security system.
Recommend security systems based on findings of security inspection.
Establish & deliver centralized reporting within DoP on the effectiveness of the information & product security function and its performance against strategic objectives.
Prioritize design of the DoP Process Framework processes (including resource allocation) based on the agreed compliance requirements, business requirements and the underpinning IT.
Support/localize product & information security awareness, training, and education programs.
Establishing, prioritizing, and approving the compliance, regulatory & interface requirements, high level project planning, changes, improvements, and defect corrections.
Support a change control board which monitors and controls the ongoing processes and IT tool to meet current and new business requirements, manages change requests and works with other systems/processes.
Educational
Bachelor’s degree in engineering, computer science, or computer engineering.
Certification
Security specialist certification such as CISSP/CISM/CRISC or above preferred.
Work Experience
20+ years in implementation/consulting experience with Security, Compliance, and Risk Management including a mix of hands-on technical architecture work along with compliance and oversight
Great understanding of ISO27001, certification/recertification, and implementing policy according to legislation
Security Auditing experience
Business process understanding, able to understand general business operation activities to avoid business down time.
Expert knowledge and implementation experience of information security principles, policy enforcement, operating systems, web applications, and a high level of familiarity with malicious code uses, OWASP Top 10, and common techniques used by hackers.
Thorough understanding of Network & Security BoQ and their implementation in IT infrastructure, CDN & applications.
Hands-on experience with secure networking design concepts, services such as DNS, HTTPS, and TLS, as well as securing software-defined systems.
Understanding of network security (incl. Network and Host IDS/IPS, WAF, SIEM, Antimalware, DLP, URL filtering, IDAM, SSO, other)
Experience with incident response, and understanding of malware such as worms, viruses and trojans, and countermeasures. Experience in designing architectures to meet security and compliance requirements for public sector entities.
Experience building Security documentation packages and leading organizations through Security compliance processes, accreditations, and/or authority to operate life cycles.
Experience presenting Security technical and compliance material to both technical and non-technical DoP customers.
Experience in working with multi-functional teams and large teams especially in the public sector
Experience with Hybrid & Multi-Cloud security architectures.
Experience in the design, implementation, and certification of security controls.
Experience with managing the security implications of migrations from on-prem/Mainframe to Cloud, and designing security postures for Cloud native applications.
Experience in developing and implementing security operating procedure
Experience of Root Cause Analysis
Soft Skills
Fantastic leadership skills (proven)
Problem analysis and resolution ability
Able to communicate well at senior and board level to help others understand risk.
Attention to detail.
Excellent organizational skills.
Strong team player.
Collaboration with various stakeholders across teams.
Capable of working independently.
Proactive initiative skills.
*Qualification and Experience may be relaxed in case of exceptional Candidates
Role: IT Security - Other
Salary: Not Disclosed by Recruiter
Industry: IT Services & Consulting
Functional Area: IT & Information Security
Role Category: IT Security
Employment Type: Full Time, Temporary/Contractual
Education
UG: B.Tech/B.E. in Any Specialization
Company Profile
National Institute for Smart Government (NISG)
Contact Company: National Institute for Smart Government (NISG)
Website: http://careers.nisg.org