Information Security Program Manager (5+ years exp)
Netmeds.com
Job Location
Job Type: Full Time
Visa Sponsorship: Not Available
Relocation: Allowed
Skills
Hiring contact: Vijay Hemnath P
The Role
We are seeking an Information Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross-functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.
Roles & Responsibilities:
- Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance, etc. to implement controls defined in policies and processes.
- Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
- Manage penetration tests and security reviews for core applications and APIs.
- Identify, create and provide guidance on privacy and security requirements, considering applicable Data Protection Laws, and implement them across software modules developed at Netmeds.
- Brainstorm with engineering teams to figure out how privacy and security controls can be applied to the Netmeds tech stack.
- Coordinate with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
- Assess vendors' security posture before onboarding them and, after they qualify, review their security posture at a set frequency.
- Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
- Answer questions or resolve issues reported by external security researchers & bug bounty hunters.
- Investigate privacy breaches.
- Educate employees on data privacy & security.
- Prioritize security requirements based on their severity of impact and product roadmap.
- Maintain a balance of security and business values across the organisation.
Required Skills:
- Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
- Good hands-on experience in handling tools such as vulnerability scanners, Burp Suite, patch management, web filtering & WAF.
- Familiar with cloud hosting technologies (e.g. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.
- Experience in Log Management, Security Event Correlation, SIEM.
- Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.
Good to Have Skills:
- Online Fraud Prevention.
- Bug Bounty experience.
- Security Operations Center (SOC) management.
- Experience with Amazon AWS services (EC2, S3, VPC, RDS, CloudWatch).
- Experience with / knowledge of tools like Fortify and Nessus.
- Experience in handling logging tools on Docker container images (e.g. Fluentd).
Qualifications & Certifications:
Bachelor's / Master's degree in Computer Science / Information Technology with 3+ years of experience contributing towards information security of SaaS products.
CEH, CIPM or similar certifications will be an added advantage.
Familiar with cloud hosting technologies (e.g. AWS, Azure, GCP).