Assoc. Dir. DDIT ISC VulnSvcs role

Major accountabilities:

• As a lead, own the design, implementation, roadmap, and operational oversight for VulnSvcs products to centralize and or operate the related processes:
• Ownership of VulnSvcs business requirements, translating to technical solution requirements, working with cross functional teams to manage implementation.
• Proactively monitor and govern engineering and support operations of the VulnSvcs solutions such as ServiceNow (SecOps module, custom modules), exposure mgmt. independently and aligned external/internal individuals.
• Identify problem areas and drive identification of root causes as well as sufficient prevention of recurrences.
• Lead product vendor/CSM connects to address Novartis requirements/issues.
• Plan, influence and deliver VulnSvcs products roadmap and maturity.
• Stay up to date with latest product features, perform POCs, finalize implementation requirements, ensure planned production.
• Develop and maintain documentation of related process and best practices.
• Provide security awareness and training to teams on VulnSvcs solutions and Mgmt.
• Implement security policies, procedures, and standards to ensure the confidentiality, integrity, and availability of solutions from technical vulnerabilities.
• Identify potential improvement areas for vulnerability remediation and shared learned lessons with application/development teams.
• Monitor and prioritize security vulnerabilities through risk analysis to understand potential impact and translate vulnerability severity as security risk.
• Flexibly support emergency response for 0-day vulnerability remediation.
• Collaborate with various stakeholders from security operations, architecture, cyber, platform and application teams to achieve goals.
• Defines remediation activities for security assessment gaps as they pertain to IT Security Management

Key performance indicators:

• Stable, compliant, secure, and cost-effective operations measured by Availability, Performance, Capacity, Security Metrics -Responsiveness and Recovery Speed of critical incidents/issues in business -Learning Agility, ability to evaluate and launch new services and capabilities -Productivity gains and defect reduction through continuous improvement -Automation led Security Operations Services -Integration of Applications and Infrastructure into Centralized Security Platforms
• Adequacy and maturity of VulnSvcs technology and processes.
• Technical expertise proven in identifying, reviewing, and improving risk posture.
• Ensure Application/project satisfied with the risk, security, and remediation advisory.
• Reducing the number of vulnerabilities by adapting remediation wherever possible
• Cross skill collaboration and feedback from the various stake holders

Minimum Requirements:
Work Experience:

• 10+ years of overall working experience in information security preferably in Vulnerability Management, Security Patching and Security Operations domain.
• At least 5+ years of relevant experience in security domain dealing majorly with vulnerability analysis, remediations, and assessments.
• Experience with centralizing threat vulnerability management process & technologies.
• Experience of sourcing complex IT services, product management and working closely with vendors for effective use of capabilities.
• Demonstrated leadership skills through experience in middle management and/or engagement with large security/development program stakeholders.
• Risk.
• Accountability.
• Strong cross functional leadership.
• Relationship Management.
• Strategy Development.
• Operations Management and Execution.
• Collaborating across boundaries.
• Project Management.
• Interactions with senior management.
• People Leadership.

Skills:

• SNOW SecOps and related vulnerability products integration.
• Strong knowledge of security vulnerabilities in software and infrastructure, OWASP, SAMM, security frameworks, application architecture principles, security risk analysis and relevant domain areas.
• Acumen in designing and guiding implementation of vulnerability management solution workflows, integration design of vuln detection tools, hands-on testing and ideation of related product features, product security operations.
• Persuasive communication skills to effectively convey to both technical and non-technical stakeholders, and the ability to collaborate with cross-functional teams.
• Strong problem-solving skills and the ability to work independently.
• Strong understanding of metrics, KPI/KRI, SLAs, and dashboards for vulnerability management and providing executive reporting.
• Escalation.
• Information Security Audit.
• Information Security Risk Management.
• Quality Management.
• Root Cause Analysis (Rca).
• Sec Ops (Security Operations).
• Vendor Management.

Languages :

• English.