Total 59 Manager Information Analyst job vacancies in Legal / Public / Security category in The United States of America

Summary

Working as part of the information security office within the IT department at Pacific Prime CXA, the GRC (Governance, Risk and Compliance) Manager will be responsible for leading the day-to-day IT compliance, data governance and IT risk management functions. Primary responsibility will include defining, creation, management and maintenance of IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security controls and practices.

Responsibilities

• Establishing corporate information security policies, standards, guidelines, baselines and practices that protect the integrity and confidentiality of information and network infrastructure.
• Develop procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
• Proactively identify audit and compliance related issues to reduce the risk of security exposures, gaps in the design and operating effectiveness of controls whilst seeking opportunities for continuous improvement.
• Driving IT security programs in line with internal and external standards and ensuring compliance with in-country regulatory requirements.
• Maintaining oversight to enterprise-wide security technologies, actively monitoring & responding to security events.
• Develop and maintain standards and controls to ensure the protection of data based on classification.
• Work directly with business units to identify critical data and ensure appropriate data classification and protection standards are implemented.
• Manage the attestation program for all IT controls to support assurance and alignment across all information security stakeholders.
• Support internal and external audit process for relevant compliance concerns including PDPA, GDPR, MAS TRM, ISO27001, etc.
• Perform and evaluate information security risk assessments for various information systems and processes, including annual penetration tests.
• Develop, monitor, track and report against IT Security metrics and KPIs that help the IT Infra understand threats, vulnerabilities and risks associated with protecting information across the enterprise and plans to mitigate those risks.
• Develop and maintain the IT Risk Register to support ongoing tracking and management of all identified risks and issues and to ensure adequate and timely resolutions to all audit/review issues relating to security.
• Lead the development and operation of third-party vendor risk assessment, management and due-diligence program.
• Conduct client meeting and drive all the questions arising from client relationship teams. This includes completing client’s info security questionnaires and liaising with clients on all such requirements within tight deadlines.
• Formulate, lead and communicate security goals and objectives based on an integrated understanding of business priorities, security vision and strategy.
• Providing security related support to IT and business team users and facilitate recommendations on future technical trends/directions that encompass multiple systems and teams to meet business critical initiatives.
• Point of contact to assist and advise on Information Security related matters

Requirement

• BSc in Computer Science or equivalent; with 5+ years of relevant working experience in IT governance, risk, and compliance management.
• ISACA / CISM / CISSP Certification.
• Strong understanding of fundamental information security concepts and technology.
• Familiarity with ISMS and security frameworks, particularly NIST Cybersecurity Framework.
• Understanding of Information Security principles, IT infrastructure (including operating systems, applications, communications and network protocols), architecture elements of Identity Access Management (IAM), network security, data security/DLP, cryptography, logging and monitoring.
• Experience in security design, threat modelling and risk assessments.
• Candidate should be fully aware of the current and emerging security solutions available in the industry.
• Ability to be self-motivated, flexible and be able to drive and manage multiple tasks and priorities on very tight deadlines in a fast paced and rapidly changing environment.
• Strong interpersonal and collaboration skills with the ability to develop, maintain and foster constructive relationships with others.
• Excellent written and oral communication skills.
• Effective communication and analytical skills
• Strong work ethic with attention to detail.

SAM is looking to fill the position of Information Security Manager. This is a regional role and is overall in-charge of all the entities under SAM. He/She will report to the CEO.

Responsibilites

• To develop and implement a long-term Information Security & Cyber Security strategies and roadmap to protect corporate information and IT assets.
• Set up Cyber Security policy to standardize practice and govern all the security landscape within the group of companies.
• Provide Information security & Cyber Security strategic advice to senior management.
• Modernize and optimize the conduct of governance and oversight roles to maintain risk register, third-party vendor assessment, leveraging and advanced analytics for trending and compliance monitoring.
• Manage Information & Cyber Security and Personal Data Protection matters, liaise with different stakeholders and oversee the implementation of it to improve the overall Information Security, Cyber Security and Personal Data Protection.
• Drive the review and enhancement of third-party vendor risk management and establish a holistic framework and structure to manage the risk.
• Ensure the Information & Cyber Security practices are in compliance with applicable laws, regulations and policies.
• Conduct regular communication and refresher briefing to senior management to maintain a good level of Information & Cyber Security and information risk awareness.

Requirements

• Degree in IT/Computer Studies or Diplomas with extensive relevant cybersecurity experience
• At least 5-7 years of relevant working experience in the field of Information Security and Cybersecurity
• Possess at least one of professional cyber security certifications such as CISA, CISSP and CISM. Those with CEH, CRISC will have added advanatages.
• Good communication, interpersonal skills, with proven abilities to manage multiple priorities, drive project teams and collaborate across business units and partners to achieve desired goals.
• Possess Information & Cyber Security domain knowledge across areas such as IT architecture and solutions, security operation center, application security, infrastructure & network security, data & information protection, supply chain security, cloud security, Information & Cyber Security regulations and compliance will have added advantage.
• Strong experience and knowledge in technology and Information & Cyber Security standards and policy review, oversight and governance, risk management and audit.
• In-depth knowledge of industry information and cyber security practices, frameworks and standards such as the NIST Cybersecurity Framework and ISO 27001.
• Hands-on working knowledge in managing and delivering security penetration testing, vulnerability management services and application security.

Job Summary

Implement and oversee Sparrow's IT security operations framework, including security operations role definitions, monitoring, incident and event management, privileged access management, and overall security architecture. Ensure compliance with industry standards and regulatory requirements.

Job Responsibilities

· Define and implement IT security operations framework for the company, including security operations role definitions, monitoring, incident and event management, privileged access management, and overall security architecture

· Collaborate with IT management to implement appropriate segregation of duties in compliance with industry best practices

· Create and promote a strong security culture throughout the organization

· Define, implement, document, and conduct reviews on Sparrow's Information Security Policies and Procedures, Information Security Risk Management, and Change Management

· Ensure compliance with information security policies and procedures among employees, contractors, partners, and other third parties

· Work with business units, vendors, IT application, and infrastructure teams during the software development lifecycle to ensure adequate security controls are in place

· Apply risk management practices in an operational environment, including audit procedures/controls and systems hardening

· Perform information security risk assessments and serve as the internal auditor for information security processes

· Review all system-related information security plans throughout the organization's network

· Respond to security incidents, conduct investigations, and recommend appropriate follow-up actions

· Work closely with SOC and development teams to ensure end-to-end security implementation, audit, and MAS regulatory compliance.

Skills & Qualifications

· Expert knowledge of Information Security Standards (ISO 17799/ISO 27002 & ISO 27001), Payment Card Industry Data Security Standards (PCIDSS), and MAS Technology Risk Management Guidelines (TRM)

· Bachelor's degree in Computer Science, Computer Engineering, or a relevant qualification

· Certifications in CISSP, CISA, CISM, ISACA, or equivalent

· At least 5 years of Information Technology experience, including 2 years in managing IT Security Operations

· Fluency in both English and Mandarin

IT Cyber Security Analyst & Team Leader - CISSP or CySA+ or MSc Information Security

Weymouth, Dorset, or London, South East UK or Stoke on Trent, Staffordshire

£50,000pa + Hybrid & Flexi-Working & Training & Certifications Available

Weymouth, Dorset, or London, South East UK, or Staffordshire + Hybrid and Flexible Working as Standard

The Client: Are a well-known High St and Online retailer who are seeking a Senior IT Cyber Security Analyst who specialises in Microsoft / Wintel Servers and Virtualisation supporting a UK wide infrastructure.

Objective: You will Lead 2 x Cyber Security Analysts, giving support to the Head of Cyber Security in delivering the Information Security service to the global business.

You will lead all Cyber Security Operations function and be the first point of contact for technical information security related matters.

Role Responsibilities:

• You will Lead 2 x Cyber Security Analysts, giving support to the Head of Cyber Security
• Act as the first point of action or escalation for the identification of security incidents and their investigation.
• Be responsible for the managed Security Operations Centre (SOC), Network Monitoring and Managed Detection and Response services and associated vendor relationships.
• Offer mentoring, advice and guidance to those in your Team
• Be the subject matter expert for technical security related queries, providing the Security Architect, IT Service and Delivery teams and business stakeholders with authoritative advice and defined security requirements.
• Be responsible for the Security Education and Awareness scheme.
• Ensure Cyber Security campaigns are conducted, and improvements implemented and ensure colleague queries around policies and requirements are appropriately answered in a timely manner.
• Be responsible for the Vulnerability Management process.
• Act on vulnerability information and conduct Cyber Security risk assessments and work with suppliers, partners, and internal teams to ensure security vulnerabilities are identified, assessed, and remediated in good time.

Key Requirements you will need:

• In depth knowledge of Information Security concepts and principles, including cloud security capabilities.
• Experience with configuring and utilising security tooling, including SIEM, EDR, vulnerability scanners, CASB, network scanning, DLP.
• Hands-on IT experience with proven expertise in a previous Information Security role.
• Vendor management experience.
• A relevant intermediate or advanced Information Security based qualification (e.g. CISSP, CySA+, MSc Information Security)
• Ability to critically analyse information and make decisions based on judgement, knowledge, and experience.

Business Knowledge:

• Knowledge of Retail and eCommerce is of great advantage but is not essential.
• Working knowledge of the Information Security elements of Data Protection regulations (e.g. GDPR, The Data Protection Act 2018) is essential.
• Knowledge of the NIST Cyber Security Framework is of advantage.
• Awareness of regulations that affect Retail, such as PCI DSS, is of great advantage but experience of maintaining compliance is not essential.

CISSP or CySA+ or MSc Information Security Certifications will be advantageous.

Call 0121 712 8715 today!

• Global & Regional Exposure
• Excellent Benefit and Compensation Package

About Our Client

Our client is a leading firm, looking to on-board an Information Security Manager. This is a regional position and requires travel within APAC region.

Job Description

As the Information Security Manager, your responsibilities include:

• Establish and oversee the company-wide information security management system (ISO27001).
• Evaluate current information security status and create detailed enhancement plans.
• Ensure compliance of software, technology, and information security policies with local laws and regulations.
• Develop, update, and disseminate information security policies, processes, and standards.
• Manage all audits and inquiries related to Information and Cyber Security across the Group.
• Craft responses to audit and assessment queries, collaborating with regional and HQ teams.
• Conduct awareness campaigns, including training sessions.

The Successful Applicant

As a Successful Candidate, you will have the following:

• Bachelor's Degree in Computer Science or a relevant field
• At least 5 years of experience in information security GRC
• Excellent knowledge and experience with ISMS/ISO 27001/ICS
• Excellent communication skills, with the ability to effectively present, liaise with stakeholders
• CISSP/CISM/CISA/Lead Auditor certified

What's on Offer

• Reputable MNC
• Hybrid Working
• Excellent Benefits

Contact

Isha Hussain (Lic No: R2197976/ EA no:18S9099)

Quote job ref

JN-032024-6368144

Phone number

+65 6416 9850

Michael Page International Pte Ltd | Registration No. 199804751N

Responsibilities (how we will measure success)

To provide second line support for all aspects of the Group’s Information Security strategy and arrangements encompassing cultural, physical and technology elements throughout the business, with the primary focus being on Info Sec programme governance and oversight.

Working as part of the Group Risk and Compliance department, the second line Info Sec team interact regularly with the first line IT Security team, providing oversight, challenge and validation of operational controls and procedures. The role holder will work closely with business and technology teams to help articulate and communicate the Info Sec governance programme, identify risks and threats, and evaluate and help implement controls and improvements.

Tasks (what does the role do on a day-to-day basis)

• Support the management of Information Security governance for the organization, ensuring adherence to Group policies and standards.
• Work closely with the Group Risk and Compliance team to ensure key Information Security risks and issues are identified, addressed and resolved in a timely manner.
• Serve as the lead representative for the second line Information Security team in the region, working closely with local stakeholders to ensure Group security strategy is appropriately implemented, and regional requirements are understood and supported.
• Assist in management of the Group’s Information Security Management System including maintenance of the ISO 27001 certification.
• Engage with the first line IT Security Operations team and assist the Group CISO in providing oversight and challenge to that function.
• Participate in the security training and awareness programme including the compliance process, assessment of the threat landscape to inform the development of training content and publication of materials through corporate channels.
• Participate in periodic security testing activities (e.g. penetration testing, DR exercises) and prioritise and manage response activities.
• Assist with the audit and client management aspects of the Information Security team, including client due diligence questionnaires; help design more effective procedures in this space.
• Help improve and support relevant security metrics; analyse data, identify trends and drive improvements to the control environment.
• Assist in general Information Security related issues as required, including potential interaction with the Security Operations team, Technology teams and business stakeholders.

In a world of possibilities, pursue one with endless opportunities. Imagine Next!

When it comes to what you want in your career, if you can imagine it, you can do it at Parsons.  Imagine a career working with intelligent, diverse people sharing a common quest. Imagine a workplace where you can be yourself. Where you can thrive. Where you can find your next, right now. We’ve got what you’re looking for.

Job Description:

Delivering Effective Information Security Systems Management in a Fast-Paced and Dynamic Environment

You are keenly aware of the need to enable a work environment that supports program objectives while at the same time adhering to mission-critical national security requirements regarding the protection of data, systems and capabilities. This awareness and capacity to ensure compliance while enabling approaches and systems that advance the mission will be critical factors underpinning the success of the multiple program execution teams. In addition to leading a team of security IT professionals, you will regularly interact with our Parsons Security managers, Program leaders, their teams, Customer representatives, and corporate IT and Cyber organizations. We will strongly support your need to excel and achieve program security objectives in a balanced and effective manner. Ready to put your skills to work ? If you are committed to our National Security through the delivery of a comprehensive Information Assurance program, Parsons has a challenging and rewarding opportunity for you to contribute to our community.

Role:

The ISSM develops, maintains, and implements information security standards, procedures, and guidelines for systems and applications that align with compliance requirements and program objectives. Ensures that systems and organizational environments are protected from unauthorized access and use. Monitors systems, identifies threats, and handles disaster recovery operations. Manages day-to-day tasking of security IT team to provide system security to production networks. Mentors and develops training plans for team members on various technologies and procedures to help them grow in their career. Develops and delivers materials to Parsons program staff to elevate their understanding of Information Assurance programs and their role in achieving success. Collaborates with other managers in the Security IT organization on company-wide activities such as organizational planning, strategy, and innovation.

Responsibilities:

• Overall responsibility for Information Assurance programs in our Central Maryland region
• Collaborates with program leadership and Security officers to establish agreed scope/requirements and deliverables, set priorities, develop schedules, and provide status updates on progress and operations
• Manage team of System Administrators and ISSOs to build and maintain customer environments
• Consults as necessary to develop and assimilate long-range plans and requirements.
• Provides advice and counsel to the organization in areas of expertise
• Performs assessments of information systems including passive evaluations/compliance audits and active evaluations/vulnerability assessments
• Establishes strict program control processes to ensure mitigation of risks and to support obtaining assessment and authorization of systems (ATO, IATT) which includes support for process, analysis, coordination, security certification test, as well as security documentation, investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits
• Assists in the implementation of required government policy (NISPOM, ICD 503, RMF), and makes recommendations on process tailoring
• Performs analyses to validate established security requirements and recommends additional controls and safeguards where required
• Supports the formal Security Test & Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports
• Trains and mentors team members on government policies to ensure understanding of essential tasks
• Contributes to the development of innovative principles and ideas
• Works on unusually complex problems to identify creative solutions
• Perform other responsibilities as needed

Qualifications:

• Bachelor’s degree and typically 10+ years of related professional experience. An advanced degree may be preferred at this level. Non-degreed an additional 4 years of related experience.
• Experience managing technical teams
• Experienced at requirements gathering and developing technical solutions
• Experience with the Intelligence Community (IC) and DoD collateral. 
• Security standards:
  • ICD 503
  • NISPOM
  • NIST 800-53
• Active TS/SCI with a polygraph
• DoD 8570 compliant IAM Level III certification is required
• Significant experience developing and maintaining SSPs;
• Knowledge and familiarity with XACTA, LatteART, scanning tools (e.g. ScanBoy, Nessus Security Center), NIST RMF, and STE/STN
• Experience with Project Planning and Project Management

Preferences:

• DoD 8570 compliant IAM Level III certification
• Possess a CISSP or CISM
• Experience with Agile Project management
• Experience with Atlassian Jira and Confluence

Minimum Clearance Required to Start:

Top Secret SCI w/Polygraph

This position is part of our Corporate team.

We’re driving the future of the national security and critical infrastructure markets. Our employees work in a close-knit team environment to find new, innovative ways to deliver smart solutions that are used and valued by customers around the world. By combining unique technologies with deep domain expertise across cybersecurity, missile defense, space, connected infrastructure, transportation, smart cities, and more, we're providing tomorrow's solutions today.

Salary Range: 

$126,600.00 - $227,900.00

We value our employees and want our employees to take care of their overall wellbeing, which is why we offer best-in-class benefits such as medical, dental, vision, paid time off, Employee Stock Ownership Plan (ESOP), 401(k), life insurance, flexible work schedules, and holidays to fit your busy lifestyle!

The position may require a COVID vaccination or an approved accommodation/exemption for a disability/medical condition or religious belief as required by customer requirements and some cases federal, state, provincial or local mandates.

Parsons is an equal opportunity employer committed to diversity, equity, inclusion, and accessibility in the workplace. Diversity is ingrained in who we are, how we do business, and is one of our company’s core values. Parsons equally employs representation at all job levels for minority, female, disabled, protected veteran and LGBTQ+.

We truly invest and care about our employee’s wellbeing and provide endless growth opportunities as the sky is the limit, so aim for the stars! Imagine next and join the Parsons quest—APPLY TODAY!

Summary

Working as part of the information security office within the IT department at Pacific Prime CXA, the GRC (Governance, Risk and Compliance) Manager will be responsible for leading the day-to-day IT compliance, data governance and IT risk management functions. Primary responsibility will include defining, creation, management and maintenance of IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security controls and practices.

Responsibilities

• Establishing corporate information security policies, standards, guidelines, baselines and practices that protect the integrity and confidentiality of information and network infrastructure.
• Develop procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
• Proactively identify audit and compliance related issues to reduce the risk of security exposures, gaps in the design and operating effectiveness of controls whilst seeking opportunities for continuous improvement.
• Driving IT security programs in line with internal and external standards and ensuring compliance with in-country regulatory requirements.
• Maintaining oversight to enterprise-wide security technologies, actively monitoring & responding to security events.
• Develop and maintain standards and controls to ensure the protection of data based on classification.
• Work directly with business units to identify critical data and ensure appropriate data classification and protection standards are implemented.
• Manage the attestation program for all IT controls to support assurance and alignment across all information security stakeholders.
• Support internal and external audit process for relevant compliance concerns including PDPA, GDPR, MAS TRM, ISO27001, etc.
• Perform and evaluate information security risk assessments for various information systems and processes, including annual penetration tests.
• Develop, monitor, track and report against IT Security metrics and KPIs that help the IT Infra understand threats, vulnerabilities and risks associated with protecting information across the enterprise and plans to mitigate those risks.
• Develop and maintain the IT Risk Register to support ongoing tracking and management of all identified risks and issues and to ensure adequate and timely resolutions to all audit/review issues relating to security.
• Lead the development and operation of third-party vendor risk assessment, management and due-diligence program.
• Conduct client meeting and drive all the questions arising from client relationship teams. This includes completing client’s info security questionnaires and liaising with clients on all such requirements within tight deadlines.
• Formulate, lead and communicate security goals and objectives based on an integrated understanding of business priorities, security vision and strategy.
• Providing security related support to IT and business team users and facilitate recommendations on future technical trends/directions that encompass multiple systems and teams to meet business critical initiatives.
• Point of contact to assist and advise on Information Security related matters

Requirement

• BSc in Computer Science or equivalent; with 5+ years of relevant working experience in IT governance, risk, and compliance management.
• ISACA / CISM / CISSP Certification.
• Strong understanding of fundamental information security concepts and technology.
• Familiarity with ISMS and security frameworks, particularly NIST Cybersecurity Framework.
• Understanding of Information Security principles, IT infrastructure (including operating systems, applications, communications and network protocols), architecture elements of Identity Access Management (IAM), network security, data security/DLP, cryptography, logging and monitoring.
• Experience in security design, threat modelling and risk assessments.
• Candidate should be fully aware of the current and emerging security solutions available in the industry.
• Ability to be self-motivated, flexible and be able to drive and manage multiple tasks and priorities on very tight deadlines in a fast paced and rapidly changing environment.
• Strong interpersonal and collaboration skills with the ability to develop, maintain and foster constructive relationships with others.
• Excellent written and oral communication skills.
• Effective communication and analytical skills
• Strong work ethic with attention to detail.

Joining Razer will place you on a global mission to revolutionize the way the world games. Razer is a place to do great work, offering you the opportunity to make an impact globally while working across a global team located across 5 continents. Razer is also a great place to work, providing you the unique, gamer-centric #LifeAtRazer experience that will put you in an accelerated growth, both personally and professionally.

Job Responsibilities :

The Senior Information Security Manager is responsible for implementing the organisation's information security (InfoSec) solutions and the development of security frameworks, policies, and controls. He/she will collaborate with experienced business/technology leaders and cross-functional teams to ensure the security of IT systems, data, and compliance with relevant regulations and industry standards.

Information Security Strategy and Planning:

• Contribute to the development the organisation's InfoSec strategy and roadmap
• Stay updated on industry trends, security best practices, and regulatory requirements

Policy and Procedure Development:

• Create, maintain, and update InfoSec Architecture, frameworks and policies, standards
• Ensure alignment of security policies across different Business Units (BUs) and with industry standards and compliance requirements

Risk Management:

• Collaborate with BUs in risk assessments and identify vulnerabilities in systems, applications, and processes
• Develop and implement risk mitigation strategies and controls
• Review contracts and the associated documents with specific focus on risks related to cybersecurity and compliance with regulations such as GDPR.

Security Awareness:

• Design and conduct Phishing Simulation exercises as part of the overall effort in promoting security awareness and best practices among employees

Incident Response and Management:

• Review BU’s security incident response plans
• Co-lead incident response efforts with BU Leads in the event of security incidents
• Coordinate with Legal, IT, and other relevant departments during incident investigations

Security Monitoring and Operations:

• Manage Bug Bounty Program
• Manage outsourced security service providers
• Review, analyse and ensure the timely closure of security vulnerabilities, alerts, and issues while working with BU-InfoSec to plan for remediation or implementing controls to mitigate them

Security Projects and Initiatives:

• Evaluate and select security solutions, including the negotiation of the associated contracts
• Lead security projects and work closely with internal IT team and BU-InfoSec in rolling out security solutions
• Manage, operate and fine-tune security solutions deployed within the organisation with the support of BU-InfoSec and the vendors
• Carry out Red-Teaming exercises

Security Team Management:

• Lead and manage junior security team members, including training  and development, and performance evaluations
• Set team goals, objectives, and KPIs to ensure effective security operations
• Foster a culture of collaboration, innovation, and continuous improvement within the security team

Pre-Requisites :

• Degree in Computer Science or Cyber Security with at least 7 years of cybersecurity experience
• Possess industry certifications such as CISSP, CEH and AWS Security
• Proven track record of progressively responsible roles in cybersecurity, with managerial experience
• Hands-on experience in security solutions implementation, management and operations, coupled with the knowledge of techniques to exploit vulnerabilities in networks, systems and applications
• Proficiency in various cybersecurity solutions, including firewalls, SIEM, VAPT, Privileged Access Management (PAM), Breach & Attack Simulation systems (BAS) and Security Orchestration & Automated Response (SOAR)
• Experience in network security, AWS cloud security, and application security best practices
• Experience with investigating threat campaign(s) techniques, lateral movements, Command and Control communications, and indicators of compromise (IOCs)
• Good Purple Team and Blue team experience.
• Red Team experience will be advantageous.
• Good working knowledge of risk management, BCP and security frameworks (NIST or ISO2700), compliance frameworks (GDPR) and Technology Risk Management Frameworks (e.g., MAS TRM)
• Strong project management and stakeholder management skills
• Excellent oral/written communication skills and interpersonal skills
• Positive mindset, open-minded, flexible and proactive
• A strong multi-tasker with a keen eye for detail
• Experience in an end-user environment and managing cyber security vendors

Are you game?

Company :

Highmark Health

Job Description : 

JOB SUMMARY

This job provides Information Security and Risk Management services for the Organization. Works with peers within security, HM Health Solutions customers and application teams to ensure alignment with current and future security needs. Manages activities of various Information Security personnel. Makes decisions on personnel actions (promotions, hiring, terminations, etc.). Develops talent, addresses resource management, cultivates capabilities of staff, planning and coordination of work, and managing performance. Conducts the oversight of security technology products for network, systems, and data. Controls expenses within the operating unit and is responsible for meeting budget goals. Actively contributes to the Information Security ans Risk Management (ISRM) strategic planning process by working with the Directors to develop and implement department strategic plans and action steps that support the corporate strategic objectives. Actively involved in the coordination, implementation, problem solving, communication, and training of new technologies and processes, as they are developed and moved into the environment. Develops and presents Information Security awareness and training programs.

ESSENTIAL RESPONSIBILITIES

• Perform management responsibilities including, but not limited to: involved in hiring and termination decisions; coaching and development; rewards and recognition; performance management and staff productivity.
• Plan, organize, staff, direct and control the day-to-day operations of the department; develop and implement policies and programs as necessary; may have budgetary responsibility and authority.
• Provide oversight of all aspects of project management to ensure continuous improvement of processes: negotiate and collaborate with leadership and staff to develop security solutions and options; develop and adhere to internal standards and strategies; ensure adherence to approved methodologies; coordinate resources, time, contingency plans and risk management.
• Provide leadership to the department: lead and champion organizational change; encourage participation in activities that support relationship development; champion information security innovation; encourage and enforce proper training in regards to security issues.
• Ensure compliance to Corporate and Information Security policies, standards and  procedures.
• Communicate effectively with all levels of the organization: facilitate meetings; plan, design and provide presentations; represent HM Health Solutions with outside entities; prepare divisional procedures, policies, reports and correspondence;  spread awareness of new and existing security threats; provide oversight regarding metrics, funding, budgets and resources. 
• Other duties as assigned or requested.

EDUCATION

Required

• Bachelor’s Degree in Information Security, Information Systems,  Information Assurance, Computer Science or related field

Substitutions 

• 6 years of relevant experience substitution for a Bachelor's Degree

Preferred

• Master’s Degree in Computer Science, Information Security or related field

EXPERIENCE

Required

• 7 - 10 years in Information Security and/or Information Risk Management and/or Information Technology
• 7 - 10 years in developing, communicating and presenting Information Security and Risk Management concepts to varying audiences                  
• 1 - 3 years in mentoring others in a leadership role                            
• 1 - 3 years in Staff Management  
• 1 - 3 years in developing and executing strategic plans to realize business objectives

Preferred

• 10 - 15 years in Information Security and/or Information Risk Management and/or Information Technology
• Experience managing an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security framework                  
• Experience supporting SSAE 16 or SOC 2 Security Trust Principle audits                           
• Experience establishing budgets and meeting fiduciary goals
• Security industry organization participation/leadership (HITRUST, ISACA, InfraGard, ISC2, ISSA, etc.)

LICENSES AND CERTIFICATIONS

Required

• None

Preferred

• Certified Information Systems Security Professional (CISSP) OR
• Certified Information Security Manager (CISM) OR
• Certified in Risk and Information Systems Controls (CRISC) OR
• Information Technology Infrastructure Library (ITIL)

SKILLS

• Knowledge of regulatory requirements such as Health Insurance Portability and Accountability Act (HIPPA), Payment Card Industry Data Security Standards (PCI DSS), and FIPS-140
• Strong teamwork and interpersonal skills                              
• Experience in leading process improvement initiatives                      
• Ability to motivate high performance, multi-discipline teams                            
• Demonstrated competency in project execution
• Demonstrated abilities in relationship management

Languages (Other than English)

None

Travel Requirement
0% - 25%

PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS

Position Type

Office-Based

Teaches/Trains others regularly

Frequently

Travels regularly from the office to various work sites or from site-to-site

Occasionally

Works primarily out-of-the office selling products/services (Sales employees)

Does Not Apply

Physical Work Site Required

Yes

Lifting: up to 10 pounds

Does Not Apply

Lifting: 10 to 25 pounds

Does Not Apply

Lifting: 25 to 50 pounds

Does Not Apply

Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.

Compliance Requirement: This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.

As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times.  In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy. 

Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.

Pay Range Minimum:

$108,000.00

Pay Range Maximum:

$199,800.00

Base pay is determined by a variety of factors including a candidate’s qualifications, experience, and expected contributions, as well as internal peer equity, market, and business considerations.  The displayed salary range does not reflect any geographic differential Highmark may apply for certain locations based upon comparative markets.

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, age, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, age, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability. 

EEO is The Law

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled/Sexual Orientation/Gender Identity (https://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf)

We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact number below.

For accommodation requests, please contact HR Services Online at HRServices@highmarkhealth.org

California Consumer Privacy Act Employees, Contractors, and Applicants Notice

Job Title

Sr. Information Security Manager

Job Description

In this role, you have the opportunity to

Information Security Lead will be responsible for developing, implementing and monitoring a strategic, comprehensive IT security plan for platforms across Enterprise IT. Information Security Lead will provide the vision and leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective governance, system and infrastructure availability, integrity and confidentiality. This position reports to Head of Enterprise IT Security.

Information Security Lead need to be strong in the below mentioned areas:

• Threat modelling

• Security Testing (includes Dynamic, Static Security Testing),

• Penetration Testing

• Application Architecture review

• Cloud Security Architecture Review

• Define Security Use Cases

• Cloud Platform Security

• API Security

• Open AI/GenAI Security

• Data Lake Security

• Modern Authentication

• SDLAN Security

• Network Segmentation

• MITRE Attack Framework

• Cyber Security Framework based on Industry Standard / Best Practices

• CIS Baseline Validation

• Microsoft Defender Implementation and Monitoring (Malware, EDR, ATP)

• Microsoft 365 Security

• Designing of Conditional Access Policy

You are responsible to:

• Develop and maintain robust security controls to protect Philips business from security breaches/ incidents.

• Deliver security demand from the business for security controls.

• Gather Security Management Framework and information security architectural requirements and drive compliance of Enterprise IT systems against those requirements.

• Manage risk profile of the IT-systems and Suppliers

• Drive education and awareness activities across platform and Enterprise IT.

• Evaluate new cybersecurity threats and IT trends and develops effective security controls.

• Establish regular governance with service owners to review security controls status

• Liaison with Philips Information Security Office in driving security Improvement Program

• Evaluate potential security breaches, coordinates response, and recommend corrective actions.

• Define and report on information security KPIs.

• Organize the preparation of the security status dashboards including presentation to executive management.

• Analyze application end to end, prepare threat modeling (STRIDE, PASTA & DREAD) based on different risk scenarios and dirve to fix those risks

• Cloud Security Management that includes Security Posture Management, Security Baseling, Code validation for Infra As a Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard Firewall Management, Docker Security, Kubernetes securtiy

• Prepare security use cases / functional requirements that new solutions need to meet. Validate those requirements are met when the solution is delivered

• Perform API Security testing that includes – API inventory, logging and monitoring, API Gateway Security, API Services Security.

• Exposure to network security which includes network segmentation, DDoS, Network Devices Security Baselining and monitoring, firewall rules review for any deviation.

• Application Security – integration of security tooling with CI/CD pipeline, review of security reports and follow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code Review etc.

• Identify risk with authentication and authorization protocols, mitigate risks with legacy authentication, design conditional access policy

• Management of foundational security tooling e.g. tools like Defender, EDR, Vuln Mgmt, CMDB agent.

• Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real threat actors.

• Perform attack pattern analysis based on MITRE Attack framework, support solution development to address the pattern

• Define Data Protection roadmap and work with architecture to meet the requirement. Deploy data protection tools like CASB, DLP etc.

You are a part of

Enterprise IT Security team working closely with Enterprise IT, IT Platform Leaders, CIO and CISO.

To succeed in this role, you should have the following skills and experience

Soft Skills

• Excellent English language communication skills, both verbal and written. Cross-cultural etiquettes, customer centric and collaborative mindset.

• Works autonomously within established procedures and practices.

• Good command on stakeholder management, judgement, conflict resolution, risk & mitigations.

• Provides leadership to the global team at strategic, tactical, and operational level

• Maintains current knowledge of industry and regulatory trends and developments for the enterprise technology.

• Specialized in a number of Security domains such as incident response, operational assessment of security posture, general security management.

• Thorough understanding of Security Management principles, Security governance principles

Qualification

• Bachelor’s or Master’s degree in Information Technology and or commensurate experience in delivering security solutions.

• Overall Enterprise IT Security experience of 10 yrs or more.

• Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.

In return, we offer you

A warm welcome to a challenging, innovative environment with great opportunities for you to explore. Quality is right on the top of Philips leadership agenda and that means you have the unique opportunity to come in and have a recognized voice to drive and witness exciting, transformational changes. You will be empowered to drive high quality, groundbreaking innovations with a globally recognized, premium brand behind you. Next to that a rewarding career in Philips with attractive package

Why should you join Philips?

Working at Philips is more than a job. It’s a calling to create a healthier society through meaningful work, focused on improving 2.5 billion lives a year by delivering innovative solutions across the health continuum. Our people experience a variety of unexpected moments when their lives and careers come together in meaningful ways.

About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
• Learn more about our business.
• Discover our rich and exciting history.
• Learn more about our purpose.

If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our commitment to diversity and inclusion here.

#DIW

Gestalten Sie mit uns die Zukunft von e-Health als Information Security Manager (m/w/d)!

Als Pionier im Digital Health schlägt unser Herz für die Entwicklung und Umsetzung neuer Technologien. Sie möchten Ihr Engagement und Ihr Know-How einbringen, aktiv ausbauen und als Team gemeinsam Fortschritte erzielen? Dann sind Sie bei uns genau richtig! Neben einem großartigen Team erwarten Sie spannende Aufgaben und ein agiles Arbeitsumfeld.

Sie werden Teil des Wachstumsmarktes Healthcare IT und kümmern sich als Mitglied eines erfahrenen Teams um die Betreuung unserer Krankenhausinformationssysteme (KIS). Für die nächste Stufe der e-Health Evolution suchen wir zum ehest möglichen Zeitpunkt erfahrene Verstärkung (m/w/d) im Bereich Information- & Cyber-Security!

Ihr Beitrag:

• In Ihrer Schnittstellenfunktion verantworten Sie die sicherheitsrelevante Koordination unserer Medizinprodukte zwischen der Softwareentwicklung, dem Produkt- bzw. Projektmanagement sowie dem Consulting bzw. Support.
• Dabei übernehmen Sie die Prozessdokumentation innerhalb des Qualitätsmanagements (ISO 13486 sowie MDR EU2017/745) und gewährleisten die Einhaltung von Sicherheitsregelungen sowie Sicherheitsvorschriften.
• Sie koordinieren Eskalationen, Reaktionen und Meldungen von Vorfällen und lösen Probleme bei nichtkonformen Produkten bzw. Prozessen.
• Ihr praxiserprobtes Wissen hilft Ihnen bei der Identifikation von Verbesserungspotentialen sowie bei der Bewusstseinsschärfung in Bezug auf die Informationssicherheit unserer Produkte.

Das bringen Sie mit:

• Abgeschlossene Ausbildung oder Studium im Bereich IT oder Naturwissenschaften bzw. alternativ gleichwertige Berufserfahrung.
• Erste praktische Erfahrung im Bereich Cyber-Security Management (Erfahrung im Umfeld Medizinprodukte Software ist dabei von Vorteil).
• Grundlegende Normkenntnis und Wissen zu ISO 81001, ISO 27001 und Know-How im Bereich Medical Device Regulation.
• Sie sind lösungsorientiert und bringen eine hohe Lernbereitschaft sowie ein rasches Auffassungsvermögen mit.
• Selbstständigkeit und Eigeninitiative sowie Belastbarkeit.
• Ausgeprägte kommunikative Fertigkeiten sowie Freude am Arbeiten im Team.
• Verhandlungssichere Deutsch- wie Englischkenntnisse in Wort und Schrift runden Ihr Profil ab.

Was Sie von uns erwarten können:

• Eine verantwortungsvolle Tätigkeit in einer wachsenden internationalen Unternehmensgruppe. 
• Eine umfassende Einschulung.
• Spannende Aufgaben und Entwicklungsperspektiven in einem nachhaltig wachsenden Konzern. 
• Eine enge Zusammenarbeit innerhalb des Teams.
• Homeoffice je nach Vereinbarung.
• Flexible Arbeitszeiten, die eine gute Balance von Arbeit und Freizeit ermöglichen.
• Diverse Social Events wie mehrtägige Abteilungsausflüge, Sommerfest, Weihnachtsfeier, ...
• Digitales Feel Good Management mit vielfältigen Angeboten für Ihre Gesundheit, z. B. Home-Workouts, Ernährungsberatung, Mentaltrainings, etc.
• Moderne Arbeitsplätze, Mitarbeiterrabatte, u.v.m. sorgen für ein angenehmes Arbeitsumfeld.

Wenn Sie sich angesprochen fühlen, bieten wir Ihnen bei einschlägiger Erfahrung auf Basis Vollzeit ein Bruttojahresgehalt ab € 52.150,-. Wir richten uns dabei nach dem IT-Kollektivvertrag.

Falls Sie eine höhere Qualifikation oder einschlägige Berufserfahrung mitbringen, sind wir natürlich zu einer marktkonformen Überzahlung bereit.

Überzeugt? Sie erleichtern es uns schnell richtige Entscheidungen zu treffen, wenn Sie uns Ihre aussagekräftigen Unterlagen mit Ihrem Motivationsschreiben inkl. Foto, Ihre Gehaltsvorstellungen und Ihr frühestmöglichen Eintrittstermin übermitteln.

Job Title

Information Security Architect (Manager)

Job Description

As an Information Security Manager, you will be responsible for developing, implementing and monitoring a strategic, comprehensive IT security program while ensuring compliance with regulatory requirements, and mitigating risks to the organization's information assets. Information Security Manager will provide the vision and leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective governance, system and infrastructure availability, integrity and confidentiality.

Your role:

• Develop and maintain robust security controls to protect Philips’s business from security breaches/
• incidents.
• Evaluate new cybersecurity threats and IT trends and develop effective security controls.
• Gather Security Management Framework and information security architectural requirements together with driving compliance of Enterprise IT systems against those requirements.
• Manage the risk profile of the IT systems and Suppliers
• Drive education and awareness activities across the platform and Enterprise IT.
• Liaison with Philips Information Security Office in driving the security Improvement Program.
• Evaluate potential security breaches, coordinate response, and recommend corrective actions.
• Analyze application end to end, prepare threat modelling (STRIDE, PASTA & DREAD) based on different risk scenarios and drive to fix those risks
• Perform Cloud Security Management that includes Security Posture Management, Security Baseline, Code validation (for Infra As a Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard)
• Advise on network security which includes network segmentation, DDoS, Network Devices Security
• Baselining and monitoring, and firewall management, Docker Security and Kubernetes security
• Prepare security use cases / functional requirements that new solutions need to meet and validate implementation
• Perform API Security testing that includes – API inventory, logging and monitoring, API Gateway Security, API Services Security.
• Perform Application Security – integration of security tooling with CI/CD pipeline, review of security reports and follow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code Review etc.
• Identify risk with authentication and authorization protocols, mitigate risks with legacy authentication,design conditional access policy
• Management of foundational security tooling e.g. tools like Defender, EDR, Vulnerability Management, CMDB agent.
• Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real threat actors.
• Perform attack pattern analysis based on MITRE Attack framework, support solution development to address the pattern
• Define Data Protection roadmap and work with architecture to meet the requirement.

You're the right fit if:

• You have 10 years of overall Enterprise IT Security experience
• You have strong hands-on experience and technical understanding
• You have senior level in the domain of security & operations management
• You have in-depth knowledge of overall Information Security areas: Threat modelling, Security Testing (includes Dynamic and static Security Testing), Application Security Architecture, Cloud & Network Security Architecture, Cloud Platform Security, Data Lake Security, Network Segmentation, Cyber Security Framework Based on Industry Standard / Best Practices, Microsoft 365 Security, Conditional Access Policy
• You have Bachelor’s or Master’s degree in Information Technology and or commensurate experience in delivering security solutions
• You have thorough understanding of Information Security Management principles, Security governance principles
• You have good command of stakeholder management, judgment, conflict resolution, risk & mitigations
• You have leadership skills and customer centric mindset
• You have very good English language communication skills (both verbal and written)
• You are person with high standards of personal integrity (willing to undergo vetting and/or personality assessments to verify this if necessary)
• You have Security Certifications such as CISSP, CISM, CISA, CIPP or similar (would be an advantage)

Our benefits:

• Hybrid model of working
• Annual bonus based on performance achieved  
• Private medical care with the option to extend it to family members  
• Benefit System cards  
• Discount for Philips’ products  
• Wide variety of trainings & learning opportunities
• Promotion of a healthy lifestyle in the office
• Employee Assistance Program

About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
• Learn more about our business.
• Discover our rich and exciting history.
• Learn more about our purpose.

If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our commitment to diversity and inclusion here.

#LI-EU
#-LI-Hybrid

#gbs

Manager, Information Security

Job Title:  Regional Manager Information Security Officer (LATAM)
Position type: Permanent
Location: Bogota, Colombia
Job family: Security

About Your Business Area/Department:

This role acts as a primary regional contact and collaborator whose mission is to improve the security posture as well as adopt and standardize processes in coordination with the regional/local management and the Global Chief Information Security Officer (CISCO).  Being the Information Security Point of Contact for LATAM, they have the responsibility of working with business functions and other organizations concerning Risk Management, Vulnerability Management, Security Operations, Incident Response, and Audit as well as Finance, Legal, Compliance, and HR to address country/region specific Information Security standards and regulations.

As an integral part of the Regional Information Security Office, the team is an enabler and partners with business functions to satisfy security requirements and allow the business to move forward. The goal is to comply with the Amadeus Security Policies and Standards by supporting Amadeus ISMS (Information Security Management System) while staying in close partnership/relationship with the Incident Response Lead on IT Security events. The RISOs do their utmost to ensure that local processes and criteria in scope, are followed and applied in the regions.

Summary of the role:

Lead the regional information security function for LATAM in collaboration with Regional Information Security Officer (RISO) for the Americas and the Global Chief Information Security Office.

Ensures alignment with the group strategy, priorities, and operating model. The position reports to the Regional Information Security Officer for AMERICAS.

This role acts as a primary contact to maintain and improve the region’s security posture as well as adopt and standardize global processes.  Being the primary Information Security Point of Contact for LATAM, they have the responsibility of working with business functions and functional organizations concerning Risk Management, Vulnerability Management, Security Operations, Incident Response, Audit, Legal, Compliance and HR to address region specific Information Security standards and regulations.

As an integral part of the Regional Information Security Office, the person is an enabler and partners with business functions to satisfy security requirements.

In this role you’ll:

• Support business units and IT departments on Information Security matters and projects.
• Support regional and global CISO in creating and consolidating all security policies,  processes and activities.
• Regional support on company response to security requests from Customer Services Agreements.
• Escalation Point of Contact for Business Information Security Officers (BISOs) with regional customer security requests.
• Regional support for HR, Legal Counsel, Compliance, Risk & Compliance teams.
• Regional support for Corporate Security Awareness Program.
• Regional support for RFI / RFP engagements.
• Act as Regional Security Incident Manager upon Global Security Incident Response request and for major regional incidents.
• Regional representation and contribution to Fraud Prevention initiatives.
• Perform risk analyses and information security audits.
• Prepare and issue regular regional security risk map.
• Define and report on regional security KRIs and KPIs.
• Lead post-mortem regional remediation plan following major incidents in the region.
• Contribute to regional public forums in travel industry events.
• Support regional assessments of Security posture, and due diligence.
• Contribute to regional integration process after acquisition.
• Propose solutions to ensure compliance with regional legal rules and regulations.
• Interface with customers on CISO-related Security questions according to Customer Services Agreements.
• Review suppliers, partners and distributors’ agreements for compliance with company Security Requirements (ASRs).

Frequent Interactions:

• Business Units, Technical and Domain Information Security Officers, Legal, Compliance, Privacy, Global CISO group, partners, and distributors
• Internal and external Auditors
• Customers (Airlines, Airports, Travel Agents) including their Legal Department

About the ideal candidate:

• Bachelor’s degree in computer sciences (IT, Cyber Security, Risk Management or related field).
• 6-8 years of Information security, and IT risk management experience.
• Ability to adapt the information security requirements to the business.
• Ability to understand the security requirements driven by the travel industry.
• Cyber Security, Risk Management, Vulnerability Management, Security Operations, Incident Management, Asset Protection, IT Infrastructure, Security Engineering, Web and App Security,  Networking, VOIP, Wireless, LAN/WAN, Identity and Access Management, Security Penetration Testing, Software Development, Incident Management, Disaster Recovery. Forensics.
• Fluent in Spanish and English (written and spoken)
• Familiarity with ISO27001, NIST, PCI-DSS Frameworks
• Security attestation reports
• Data Protection and Privacy Regulations
• Regional Cyber Security Laws
• Effective communication and leadership skills
• Must be able to work hybrid
• 10-20% Travel required for the role to visit other LATAM locations

 

What we can offer you:

• Get rewarded with  competitive remuneration, individual and company annual bonus, vacation and holiday paid time off, health insurances and other competitive benefits.
• Professional development to broaden your knowledge and enhance your skills with on-line learning hubs packed with technical and soft skills training that allow you to develop and grow.

• Enter a diverse and inclusive workplace, join one of the world’s top travel technology companies and take on a role that impacts millions of travelers around the globe.

Application process: 

The application process takes no longer than 10 minutes!
Create your candidate profile, upload your Resume/CV and apply today!

Working at Amadeus, you will find

🎯 A critical mission and purpose - At Amadeus, you will be powering the future of travel and pursuing a critical mission and extraordinary purpose.

🌎 A truly global DNA - Everything at Amadeus is global, from our people to our business, which translates into our footprint, processes, and culture.

🎓 Great opportunities to learn - Learning happens all the time and in many ways at Amadeus, through on-the-job training, formal learning activities, and day-to-day interactions with colleagues.

🤗 A caring environment - Amadeus fosters a caring environment, nurturing both a fulfilling career and personal and family life. We care about our employees and strive to provide a supportive work environment.

💰 A complete rewards offer - Amadeus provides attractive remuneration packages, covering all essential components of a competitive reward offer, including salary, bonus, equity, and benefits.

🌟 A flexible working model - We want our employees to do their best work, wherever and however it works best for them.

🌈 A diverse and inclusive community - We are committed to leveraging our uniquely diverse population to drive innovation, creativity, and collaboration across our organization.

📈 A Reliable Company - Trust and reliability are fundamental values that drive our actions and shape long-lasting relationships with our customers, partners, and employees.

#LI-AM2024

Diversity & Inclusion

We are an Equal Opportunity Employer and seek to hire the best candidate regardless of age, beliefs, disability, ethnicity, gender or sexual orientation.

Job Title

Information Security Architect (Manager)

Job Description

As an Information Security Manager, you will be responsible for developing, implementing and monitoring a strategic, comprehensive IT security program while ensuring compliance with regulatory requirements, and mitigating risks to the organization's information assets. Information Security Manager will provide the vision and leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective governance, system and infrastructure availability, integrity and confidentiality.

Your role:

• Develop and maintain robust security controls to protect Philips’s business from security breaches/
• incidents.
• Evaluate new cybersecurity threats and IT trends and develop effective security controls.
• Gather Security Management Framework and information security architectural requirements together with driving compliance of Enterprise IT systems against those requirements.
• Manage the risk profile of the IT systems and Suppliers
• Drive education and awareness activities across the platform and Enterprise IT.
• Liaison with Philips Information Security Office in driving the security Improvement Program.
• Evaluate potential security breaches, coordinate response, and recommend corrective actions.
• Analyze application end to end, prepare threat modelling (STRIDE, PASTA & DREAD) based on different risk scenarios and drive to fix those risks
• Perform Cloud Security Management that includes Security Posture Management, Security Baseline, Code validation (for Infra As a Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard)
• Advise on network security which includes network segmentation, DDoS, Network Devices Security
• Baselining and monitoring, and firewall management, Docker Security and Kubernetes security
• Prepare security use cases / functional requirements that new solutions need to meet and validate implementation
• Perform API Security testing that includes – API inventory, logging and monitoring, API Gateway Security, API Services Security.
• Perform Application Security – integration of security tooling with CI/CD pipeline, review of security reports and follow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code Review etc.
• Identify risk with authentication and authorization protocols, mitigate risks with legacy authentication,design conditional access policy
• Management of foundational security tooling e.g. tools like Defender, EDR, Vulnerability Management, CMDB agent.
• Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real threat actors.
• Perform attack pattern analysis based on MITRE Attack framework, support solution development to address the pattern
• Define Data Protection roadmap and work with architecture to meet the requirement.

You're the right fit if:

• You have 10 years of overall Enterprise IT Security experience
• You have strong hands-on experience and technical understanding
• You have senior level in the domain of security & operations management
• You have in-depth knowledge of overall Information Security areas: Threat modelling, Security Testing (includes Dynamic and static Security Testing), Application Security Architecture, Cloud & Network Security Architecture, Cloud Platform Security, Data Lake Security, Network Segmentation, Cyber Security Framework Based on Industry Standard / Best Practices, Microsoft 365 Security, Conditional Access Policy
• You have Bachelor’s or Master’s degree in Information Technology and or commensurate experience in delivering security solutions
• You have thorough understanding of Information Security Management principles, Security governance principles
• You have good command of stakeholder management, judgment, conflict resolution, risk & mitigations
• You have leadership skills and customer centric mindset
• You have very good English language communication skills (both verbal and written)
• You are person with high standards of personal integrity (willing to undergo vetting and/or personality assessments to verify this if necessary)
• You have Security Certifications such as CISSP, CISM, CISA, CIPP or similar (would be an advantage)

Our benefits:

• Remote or hybrid model of working
• Annual bonus based on performance achieved  
• Private medical care with the option to extend it to family members  
• Benefit System cards  
• Discount for Philips’ products  
• Wide variety of trainings & learning opportunities
• Promotion of a healthy lifestyle in the office
• Employee Assistance Program

About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
• Learn more about our business.
• Discover our rich and exciting history.
• Learn more about our purpose.

If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our commitment to diversity and inclusion here.

#LI-EU
#-LI-Hybrid

#gbs