Sr. Information Security Lead - Bangalore, India - Philips

Description

Job Title

Job Description

Philips is a global leader in health technology, committed to improving billions of lives worldwide and striving to make the world healthier and more sustainable through innovation. Driven by the vision of a better tomorrow.

But it's not just what we do, it's who we are. We are 80,000, wonderfully unique individuals, with two things in common. An unwavering sense of purpose and a relentless determination to deliver on our customers' needs. It's what inspires us to create meaningful solutions – the kind that make a real difference – when it matters most.

The world and our customers' needs are changing faster than ever before and while we are proud of what we do already, we know we can do more. That's why we need you, to help us tackle increasingly complex challenges posed by ever evolving health and well-being needs.

In this role, you have the opportunity to

Information Security Lead will be responsible for developing, implementing and monitoring a strategic, comprehensive IT security plan for platforms across Enterprise IT. Information Security Lead will provide the vision and leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective governance, system and infrastructure availability, integrity and confidentiality. This position reports to Head of Enterprise IT Security.

Information Security Lead need to be strong in the below mentioned areas:

• Threat modelling
• Security Testing (includes Dynamic, Static Security Testing),
• Penetration Testing
• Application Architecture review
• Cloud Security Architecture Review
• Define Security Use Cases
• Cloud Platform Security
• API Security
• Open AI/GenAI Security
• Data Lake Security
• Modern Authentication
• SDLAN Security
• Network Segmentation
• MITRE Attack Framework
• Cyber Security Framework based on Industry Standard / Best Practices
• CIS Baseline Validation
• Microsoft Defender Implementation and Monitoring (Malware, EDR, ATP)
• Microsoft 365 Security
• Designing of Conditional Access Policy

You are responsible to:

• Develop and maintain robust security controls to protect Philips business from security breaches/ incidents.
• Deliver security demand from the business for security controls.
• Gather Security Management Framework and information security architectural requirements and drive compliance of Enterprise IT systems against those requirements.
• Manage risk profile of the IT-systems and Suppliers
• Drive education and awareness activities across platform and Enterprise IT.
• Evaluate new cybersecurity threats and IT trends and develops effective security controls.
• Establish regular governance with service owners to review security controls status
• Liaison with Philips Information Security Office in driving security Improvement Program
• Evaluate potential security breaches, coordinates response, and recommend corrective actions.
• Define and report on information security KPIs.
• Organize the preparation of the security status dashboards including presentation to executive management.
• Analyze application end to end, prepare threat modeling (STRIDE, PASTA & DREAD) based on different risk scenarios and drive to fix those risks
• Cloud Security Management that includes Security Posture Management, Security Baseline, Code validation for Infra As a Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard Firewall Management, Docker Security, Kubernetes security
• Prepare security use cases / functional requirements that new solutions need to meet. Validate those requirements are met when the solution is delivered.
• Perform API Security testing that includes – API inventory, logging and monitoring, API Gateway Security, API Services Security.
• Exposure to network security which includes network segmentation, DDoS, Network Devices Security Baselining and monitoring, firewall rules review for any deviation.
• Application Security – integration of security tooling with CI/CD pipeline, review of security reports and follow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code Review etc.
• Identify risk with authentication and authorization protocols, mitigate risks with legacy authentication, design conditional access policy
• Management of foundational security tooling e.g. tools like Defender, EDR, Vuln Mgmt, CMDB agent.
• Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real threat actors.
• Perform attack pattern analysis based on MITRE Attack framework, support solution development to address the pattern
• Define Data Protection roadmap and work with architecture to meet the requirement. Deploy data protection tools like CASB, DLP etc.

You are a part of

Enterprise IT Security team working closely with Enterprise IT, IT Platform Leaders, CIO and CISO.

To succeed in this role, you should have the following skills and experience

Soft Skills

• Excellent English language communication skills, both verbal and written. Cross-cultural etiquettes, customer centric and collaborative mindset.
• Works autonomously within established procedures and practices.
• Good command on stakeholder management, judgement, conflict resolution, risk & mitigations.
• Provides leadership to the global team at strategic, tactical, and operational level
• Maintains current knowledge of industry and regulatory trends and developments for the enterprise technology.
• Specialized in a number of Security domains such as incident response, operational assessment of security posture, general security management.
• Thorough understanding of Security Management principles, Security governance principles

Qualification

• Bachelor's or Master's degree in Information Technology and or commensurate experience in delivering security solutions.
• Overall Enterprise IT Security experience of 15 years or more.
• Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.

#LI

In return, we offer you

A warm welcome to a challenging, innovative environment with great opportunities for you to explore. Quality is right on the top of Philips leadership agenda and that means you have the unique opportunity to come in and have a recognized voice to drive and witness exciting, transformational changes. You will be empowered to drive high quality, groundbreaking innovations with a globally recognized, premium brand behind you. Next to that a rewarding career in Philips with attractive package

Why should you join Philips?

Working at Philips is more than a job. It's a calling to create a healthier society through meaningful work, focused on improving 2.5 billion lives a year by delivering innovative solutions across the health continuum. Our people experience a variety of unexpected moments when their lives and careers come together in meaningful ways. Learn more by watching this video.

To find out more about what it's like working for Philips at a personal level, visit the Working at Philips page on our career website, where you can read stories from our employee blog. Once there,you can also learn about our recruitment process, or find answers to some of the frequently asked questions.