Feb 09, 2017
As part of the Information Security and IT Risk senior management team, you will lead the strategy, management, ongoing improvement of our global Cyber Defence Centre to address evolving threats and respond to incidents. You will lead the CDC team and work with business leaders, IT leaders, clients and partners to build an effective security capability including people, processes and new technologies to protect critical data and technology assets from advanced threats. With exceptional technical knowledge, calm approach under pressure, and a genuine passion for security, you will also be an exceptional communicator, explaining out cyber defence posture and approach to clients, boards, regulators and committees. You may be asked to deputise for the Global Cyber Security Leader as required. Supported by a management team, manage the operational activities of the Cyber Defence Centre team and drive continuous improvement. Plan, design, implement and execute regular incident readiness and response testing (Red team / Blue team, etc.) involving IT, partners and management. Ensure data sets that have been produced in response to security incidents are validated and correct. Define and maintain effective global operational processes, policies and procedures Ensure legal, regulatory and client requirements are met Provide effective and response support to the global business, clients and partners Identify, prioritize and lead delivery of local Cyber Defence Centre change projects and improvements, and contribute towards delivery of global Cyber Security projects. Work closely with business leaders and other IT departments (notably IT Architecture, IT Operations) to ensure the effective design and operation of both business and technical controls. Effective management, development and support for the global team. Internal: With the CISO, IT Security Directors and security team; Information Security Programme Manager and project managers, Risk & Compliance, Legal, Audit, IT, Procurement and other support functions as well as operational management and client-facing teams. External: Customers and suppliers Job Requirements: Cross-Cultural Resourcefulness Cross-Cultural Agility Cross-Cultural Sensitivity Humility Assignment Hardiness Strategic Vision People Leadership Conflict Management Expertise in Information Security Organizational Agility Customer Focus / Relationship Management Comfort around higher management Integrity and Trust Personal Learning Business Acumen Result Focus / Energy & Drive Qualifications: Qualified to degree level, preferably in a business, IT or security related subject. Hold and maintain appropriate Information Security professional qualifications, such as CISSP or CISM, technical security and technology such as OSCP, CEH or GIAC. The role holder will be able to demonstrate a commitment to security and strong environmental awareness through continued professional development and learning Whilst this is not a hands-on technical role, the role holder will be expected to demonstrate competence and credibility through qualifications or equivalent experience in relevant areas such as project management and business processes (e.g. Prince2, ITIL), Data Protection and legal / regulatory aspects of security, security incident management, or technical IT security (e.g. vendor certifications, CompTIA, GIAC). Skills Proven information security competency Proactive rather than reactive Strong team player with good interpersonal and influencing skills, and both business and technical credibility. Ability to work under pressure to tight timelines and without direct supervision. Calm, organised and methodical Excellent analytical problem solving skills Strong communication skills, both orally and in writing Exceptional relationship management skills and an ability to communicate effectively at all levels of the organisation. Commercial awareness Agile and responsive approach to meeting business, security and technology objectives and delivering continuous improvement. Knowledge/Experience: Essential Leadership experience in Information Security, I.T. Security or a closely related function, in a regulated enterprise environment or a large public sector organisation Experience of managing and developing a team of technical specialists, delivering control improvements, driving forward change and implementing strategic change projects Comprehensive understanding of security threats, risks and countermeasures and ability to apply in a practical context at all stages of the kill chain Provide management oversight of all aspects of the incident response cycle, including the identification, triage and response to events Hands-on operational security experience including use of Excel, SQL, DBMS, and open-source tools, as well as shell scripting and programming languages to validate data sets produced in response to security incidents Technical understanding including TVM, DLP, APT, SIEM, perimeter security, content filtering, packet flows, IPS/IDS, etc In-depth understanding of currently supported versions of Microsoft Windows Server and Active Directory, as well as products such as SCCM and SCOM Thorough understanding of technical security countermeasures and awareness of external and internal threat landscape Knowledge of security standards, frameworks, regulation and legislation At least 10 years’ experience working as part of a mature Cyber Defence Centre / Security Operation Centre function in a large enterprise Experience of working with a high degree of autonomy, managing own workload and delivering to tight timescales. Experience of working in a regulated environment, not necessarily insurance or financial services. Fluent Business English essential (Written/Oral). Other languages are an advantage. This role will be based in a geographic location appropriate to the needs of the business, and appropriate local language skills may be required. Some travel between offices may be required, including international travel.
Mumbai, Maharashtra, India