Role : Head of Cyber Security
Job Level / Designation : L5
Function / Department : Technology Security
Location : Mumbai
Job Purpose To ensure that all critical information assets of Vodafone India are identified, classified, assessed and protected from Cyber-attacks.
To periodically identify security risks associated with the critical assets and ensuring that the same is mitigated adequately.
This role is also responsible for ensuring that the critical assets are integrated into the Security Event Monitoring System for 24X7 monitoring and ensuring that cyber-
attacks are detected and reported in time.
This role is also responsible for transforming and operating Technology Security baseline and security transformation projects (Application firewalls, IPS, DLP, GSOC, DDOS prevention, wireless IPS)with expected delivery under stringent deadline.
Design and implement projects for improving overall security and cyber security posture of the organization and meeting applicable requirements with expected delivery under stringent deadline.
Key Result Areas / Accountabilities :
Design, implementation & maintenance of a Cyber Security framework to periodically assess critical assets, risks, vulnerabilities, discover new risks, correlate the forensic analysis, integrate SOC intelligence and create a 360 degrees posture of cyber security.
Cyber Intelligence - identifying new threats and classification & assessment of critical information assets to identify risks associated with them and ensuring mitigation of the same.
This involves both internal assets & assets managed by third parties viz. vendors, partners etc.
This role is also responsible for ensuring that security controls are communicated during the design stage of a solution and ensuring that the same is implemented by conducting validation assessments.
This role is also expected to periodically conduct ethical hacking tests on critical infrastructure components & business / technology systems of Vodafone India to ensure that these assets are adequately protected.
This role has the authority to provide a security clearance for the go-live of systems / solutions. This role also has the authority to decide on the classification of risks, the mitigation controls for identified risks & acceptance of open risks.
Cyber Surveillance - Monitoring real-time incidents and events in SOC and Integration projects of critical telecom & non-
telecom assets into SIEM for 24X7 monitoring.
Cyber Discovery - Identifying relevant vulnerabilities in our environment (VA, PT, Appsec, MBSS, Sec Testing for 15K+ devices), Security planning and architecture, Security in IT demand management : Act as internal architect / consultant and front face for all new initiatives.
Evaluate all IT demands and review / recommend security requirements, controls. Risk evaluation and acceptance for controls. Risk tracking.
Cyber incident - Reporting incidents, coordination with Cert.in, DoT and Vodafone Group, Online reputation management and this role is also expected to provide security trainings & awareness sessions on privacy & security risk management to employees & partner personnel to ensure that people are made aware of the security & privacy requirements of Vodafone.
Proficiency in interacting with senior management.
Developing business centric security Dashboard and Reports.
Design and implement projects for improving overall security posture of the organization and meeting applicable requirements with expected delivery under stringent deadline.
Ability to co-ordinate and manage working group e.g. Pears, partners, regulators and cross function team members.
Strong team management, budget management and Internal or external governance.
Core Competencies, Knowledge, Experience :
Ensuring all cyber risks are identified and mitigated in Vodafone environment through proper discovery, detection, and mitigation of cyber-attacks.
Ensuring security risk assessment of critical business & technology processes & systems and also ensuring mitigation of identified risks, ensuring proper prevent ongoing attacks from external / Internal environment.
Also ensuring that security & privacy controls are incorporated from the design phase while development / conception of new business systems / processes.
Proactive cyber-attacks reporting and suggest mitigation controls against the attack, create threat intelligence on emerging indicators of compromise, technical intelligence.
Open source feeds, and dark web intelligence collection to ensure there is strong Cyber Intelligence to proactively detect and mitigate cyber-attacks.
Manage security testing program and Online reputation monitoring tool.
Ensure all IT Infrastructure security audits, execution of master calendar and SGP.
Oversee all internal & external audits pertaining to cyber security and tracking and closure of identified issues
Must have technical / professional qualifications - 12-15 years of full-time in Information Security and Cyber Security
Ethical Hacking, Vulnerability Assessment, Application Security& Penetration Testing
Cyber Attacks intelligence and designing of security controls
Decision making and problem solving capabilities
Ability to interact with senior individuals of the company to explain and connivance cyber security situation.
Years of Experience 18-20 years of experience in project management in Industries to look from Telecom, Banking
Ideal Organizations to look from As mentioned above industries
Direct reports : CTSO