Cyber Security jobs in India

Support Implementation and maintain security technologies to identify and remediate cyber security incidents. Uplift the security posture of the global group by working closely with internal stakeholders and implementing new security capabilities.

As the Head of cyber security India:

- contribute towards the evaluation of IT threat landscape, security policies, and controls

- lead development of information security standards and procedures for business units

CISO role with growing NBFC MFIHands on experience in information security

The role is of VP (Business Development) who will have the responsibility to design and execute business strategies for company's objectives and explore new industry collaboration. You should be someone who is excited to take on different responsibilities as the company grows. The position will allow you to solve challenging technical problems in Cyber Security and Cyber Security of Cyber Physical Systems domains.

-This role involves working closely with the head of cyber security and leading the IDAM/IAM and PAM space for the group
-The leader expected to work with team and product partner to design, development, implementation, maintenance, and enhancement of identity solutions for the organisation

Partner with the CISO and Cyber Security COEs to assess execution of security policies and validation of necessary controls in line with defined systems and processes

Identify major external attacks, risks and threats and respond to cyber events, manage them

Maintain tools and techniques to ensure monitoring systems and technology is maintained

Foster an environment of learning, excellence, and innovation within the team and across teams

-This role is responsible for leading the Identity team, providing both strategic and operational direction to effectively assess, mitigate, and respond to security threats consistent with the organization's risk exposure and maturity goals
-The position influences and partners across the Cyber Security yeam and other stakeholers' to successfully implement risk-based mitigation solutions and identity capabilities across the company.

Role Purpose

The role is the security architect for the infrastructure related domain. It is responsible for developing and promoting the use of security patterns. Working closely with teams in the development of controls needed for new solutions and technology. Representing Cyber Security Engineering and Architecture at Architecture Design and Review Forums and associated activities. The role works closely with security control owners.

The role is supported by Security Engineering & Architecture teams.Reports to

Head of Security Engineering

Head of Security Architecture (dotted reporting line)Direct reports

No FTE reports.

May need to manage contingents (non-FTEs) in delivery.Key relationships & committees

· Security Architecture Design Forum

· Architecture Governance

· Cyber Security Architecture

· Cyber Security Engineering

· Cyber Security Testing and Vulnerability Management

· Cyber Security Cloud Security

· Cyber Security Operations

· Infrastructure & Cloud

· Programme & Project BoardsResponsibilities Key responsibilities

· Lead the security architecture activities for the infrastructure domain across LSEG.

· Design and publish Security Architecture Design Patterns and Standards to comply with group security requirements, industry standards, customer requirements regulatory requirements and best practices.

· Research, design and document the security posture requirements and controls of new technology introduced into the Group related to the domain area. Engage with technology acquisition processes to ensure all new technology introduced is evaluated. Research industry trends and regulatory requirements.

· Own the Security Architecture evaluation of risks identified in systems, including reviewing, and proposing tactical and strategic remediation plans, and evaluation the cost / risk benefits of remediations.

· Champion the adoption of security design, with technical delivery teams for both existing systems and new systems.

· Engages with and infrastructure solution architects in the development information security plans.

· Nurture and enforce technical practices to deliver technical excellence.

· Foster and support experimentation and innovation in solving problems.

· Manage third parties in their deliveries related to the domain area.

· Provides company representation, internally and externally, related to information security, as needed.

· Metrics and monitoring to report the demand, effectiveness and efficiency of security architecture activities are provided to existing reporting process.

· Support risk exception processes.Leadership responsibilities

· Will be required to lead non-FTEs on activities as necessary.

· Initiative: Identify opportunities and proactively addressing problems.

· Innovation: Bring new ideas and perspectives to the discussion.

· Collaborate: Build relationships and foster a positive work environment where stakeholders are involved in decisions.

· Adaptable: Flexible, open-minded to adjust to new situations and challenges. Considers alternative approaches to solve challenges.

· Influence: Shape the thinking of others on topics, bring insights and expertise.Critical deliverables

Delivering security design patterns, with full audit trail.

Security Architecture reviews are consistently conducted for the infrastructure domain.Impact

Important in the management of security risks across LSEG.

Important in addressing regulatory cyber and resilience concerns for our regulated entities.

Delivers on the trust stakeholders place in LSEG as an operator of financial markets and as a data provider.Key KPIs

· Delivery of design patterns (pace of delivery, and coverage of pattern library)

· Security architecture reviews are consistent in assessment of control requirements.Technical / job functional knowledge

· 10+ years of increasing responsibility in technical engineering or information security roles, security architecture preferred.

· Applied understanding of topics such as authentication, access control, encryption, cloud security, operating system security, virtualization security, network security, database security.

· Experience in enterprise architecture frameworks

· Experience in thread modelling / design patterns

· Proven Experience in designing and applying security controls into distributed systems (on-premises and cloud)

· Thorough understanding of the latest security principles, techniques, and protocols

· Critical thinker

· Problem solving skills, ability to work under pressure and self-starter.

· Deep understanding of common as well as emerging vulnerabilities and how they manifest in different types of applications.

· Familiarity with common Tactics, Techniques and Procedures used by adversaries.

· Knowledge of security frameworks including NIST, ISO27001, SOC2 and control assurance.Business and sector expertise

Preferred prior experience in the financial services and / or technology sector.

Preferred prior experience in heavily regulated environment.Leadership and management experience

· Initiative: Identify opportunities and proactively addressing problems.

· Innovation: Bring new ideas and perspectives to the discussion.

· Collaborate: Build relationships and foster a positive work environment where stakeholders are involved in decisions.

· Adaptable: Flexible, open-minded to adjust to new situations and challenges. Considers alternative approaches to solve challenges.

· Influence: Shape the thinking of others on topics, bring insights and expertise.Personal skills and capabilities

· Owns tasks and demonstrate high degree of automatic responsibility to ensure completion.

· Strong in building effective relationships with stakeholders and respectfully challenge when necessary.

· Clear spoken and written communication skills, able to clearly articulate complex concepts to a broad audience. Proficient in writing high quality documentation aligned to an activity and the target audience.

· Ability to successfully work as a part of a globally distributed team as well as work independently.

Role Title

Principal Security EngineerStatus

* New role or combination of existing roles

* If combination, what were the original grade/career stage

* Any confidentiality or regulatory constraints

New Role

No specific confidentiality or regulatory constraints above those of a standard LSEG employee. Not an approved person or similar.Role Purpose

Developing cyber defence capabilities to protect the group from cyber threats which seek to impact the confidentiality, integrity and availability of group assets. Domain area is Vulnerability & Threat ManagementReports to

Senior Manager, Vulnerability & Threat ManagementDirect reports

No direct FTE reports.

May manage contingents and vendor/partner resources in their deliveries.Key relationships & committees

Stakeholders include the wider security team including security architecture, cyber strategy business function, governance, risk and compliance, global security operations centre. Programme management. Entity level Business Information Security Officers (BISOs). Infrastructure & Cloud operations, engineering and architectures teams. Internal risk and audit functions. Architecture and corporate approval forums. External stakeholders partners/vendors, regulators and industry schemes.Responsibilities Key responsibilities

Develop and own the strategies, architectures, designs and associated artefacts within the domain area. Technologies have clear roadmaps and lifecycles defined.

Own the controls related to the domain area and ensure they remain effective through their lifecycle.

Lead projects, some with significant risk profile as part of the cyber programme and other initiatives which are complex and span the group and require a broad perspective in solving challenges.

Manage and deliver changes to controls as necessary which are not part of project activity.

Develop key indicators, analysis and artefacts to continually evidence and report control effectiveness and risk for the group.

Escalation support for any operational incident from operations or global security operations centre for related domain technologies.

Manage third parties in their deliveries related to the domain area.

Solve complex problems related to the domain area.

Remain current with principles, concepts and emerging technologies related to the role.

Influence vendor roadmaps and functionality in support of LSEG objectives.Leadership responsibilities

This role is an individual contributor and leads no FTE headcount. The role holder may be asked to deputise for the Senior Manager during any period of absence.

Expected to manage and direct the engagement of contingent workers where flex resourcing is required. Either contractors or partner resources.Critical deliverables

Delivery of activities against of agreed cyber security strategies. Shapes project delivery with the project management team and the senior manager of the domain area.

Delivery of key artefacts associated with the role, artefacts support evidencing and assurance activities.

Ongoing control operation and effectiveness and evidencing of such.

Reporting, development and management of agreed measures, key performance indicators and key risk indicators.Impact

As a group level function the role has impact across all parts of the business as it has responsibility for the relevant group security controls which seek to mitigate the risk and impact to the group from cyber-attacks. Impacts include financial, economic, regulatory, customer and brand.

The role is key to addressing regulatory concerns for all of our regulated entities related to cyber security and cyber resilience.Key KPIs

Delivery of projects and BAU activities within agreed timescales to the required standard.

Issues that are identified are fixed and remain fixed and are not recurring.

Key artefacts for the activities performed by the role exist, are accurate and of required standard.

Agreed measures related to controls owned by the role, for example Key Risk Indicators, are delivered and managed.Technical / job functional knowledge

Knowledge and experience of the architecture, engineering and operation of vulnerability and threat management technology. Discovery and classification of vulnerabilities across systems and platforms. Guidance & assurance aspects of remediation. Level of knowledge in the domain technology area would be considered as an expert.

Knowledge and experience of different operating systems and platforms in relation to the domain area which includes assurance of security configuration parameters. Level of knowledge would be considered an expert.

Architecture and engineering of layered control capabilities to an expert level.

A strong understanding of information security principles and best practices.

Adversary Tools, Techniques and Procedures. A deep understanding of TTP's is required.

Threat Modelling experience.

Broad technology knowledge across non-core domain area.

Modern engineering practices, automation to drive efficiencies. Infrastructure as Code mindset. Code / scripting for practical tasks and tool integrations.

Structured and methodical troubleshooting practices for resolving the most complex problems.

Policies, standards and security frameworks, NIST, CIS. Strong skills to author formal documentation.

Risk and control, management, monitoring and reporting.

The role holder works independently and with guidance only in the most complex of situations. The role holder is expected to solve problems with sound judgement and in a way that is aligned to good practice and in the long-term interests of the organisation.

The role holder is likely to hold one or more of the following security or engineering/architecture specific certifications, CISSP, OSCP, TOGAF, GIAC or those relevant to the role/domain area.Business and sector expertise

Experience and knowledge of technology in financial services and/or regulated environments and industry compliance schemes (for example SWIFT) preferred.

Must have significant experience of working in security focussed roles. Likely will have greater than 5 years full time in security roles as part of an overall career in technology in excess of 10 years focussed predominantly in the domain area for the role. Expected to have direct hands on experience in some of the domain area technologies.Leadership and management experience

Managing a non-FTE delivers from contingent and/or partner/vendors in delivery.

Experience in advocating for and influencing change in order to reach best outcome based on the needs of the organisation, stakeholders and from monitoring industry trends.

Mentoring and guiding those at earlier career stages to grow the competence and experience of the team.Personal skills and capabilities

Collaborating across the group to deliver successful sustainable outcomes for the group and its stakeholders.

Takes ownership and commits to delivering sustainable outcomes and resolving problems.

Demonstrates a bias for action.

Strong track record of delivering results without compromising on quality.

Critical thinker, takes in broad perspectives to assess and make decisions.

Willingness and flexibility and to work across different technologies.

Capability to quickly assimilate new concepts and technologies.

Takes ownership of own career development and learning.

Delivering feedback in a way useful for an individual and a team for growth.

Adapts messaging and presentation styles to the needs of a different audiences.

Is measured and considered in challenging and high-pressure situations. Is clear and when necessary assertive in directing what needs to happen.