Greetings from Kotak Life Insurance!!
Here is an opportunity to get associated with a leading brand and enhance your career.
Job Location: Goregaon
Responsibilities :
Definition and revision of Secure Configuration Guidelines for different Platforms available in the environment
Define Secure Network Architecture Practices for infrastructure and application components
Conduct Secure Network Architecture & Application Architecture Reviews
Define Security Guidelines for Firewall Rule Configuration and conduct Firewall Rulebase Reviews
Conduct External Penetration Testing, provide guidance to stakeholders for closure of findings and track their timely closure
Represent Information Security Team in Change Management Approval Board
Evaluate new initiatives / changes in existing environment to identify Information and Cyber Security Requirements
Define Security Guidelines for InfoSec Approvals for these domains
Provide InfoSec approvals on user requests (e.g. firewall rules, additional access rights – internet, admin rights, new software requirements)
Evaluate exceptions to identify risk, security controls & residual risk
Define metrics to measure effectiveness / maturity and build continuous improvement practices
Participate / Conduct POCs for new technology / tools, define security guidelines and provide recommendations
Manage new initiative / projects for this domain
Recommend / Implement new Security Practices / Processes / Controls across organization to enhance security posture
Support internal / external audits for these domains
Work as a Subject Matter Expert for CISO
Manage Team (1-2 members), Guide and mentor team, ensure training & skill development of the team
Experience: 6 to 8 years of relevant experience in Information Security Activities
CTC: 10,00,000-12,00,000 LPA
Other skill set:
Should have good technical knowledge and experience of
Secure network and application architecture practices
Secure Configuration Guidelines for various platforms
Networking, operating systems, sub-systems, database fundamentals, cloud security
Application Security Testing, Vulnerability Assessment, Penetration Testing, Secure Configuration Review (SCR) activities
Should have knowledge of RED Team assessment, various System Security tools (VA / SCR / AppSec Scanners, EDR, IPS, WAF etc.), MITRE ATT&CK Patterns
Should have experience in proactively identifying InfoSec requirements for new changes / requirements / new systems / devices
Knowledge of latest Cyber Security Trends & best practices
Should have worked on risk assessment activity to identify critical vulnerability, security controls, residual risks and set priorities for closure based on the criticality
Should have Team Management Experience
Should have good communication skills to clearly communicate requirements to technical and non-technical stakeholders / business heads