2016-07-06

Job Description

Information Security

• Provide consultation and security focus to the account’s regional management through the provision of advice, guidance, strategic planning and project management.
• Provide an interface with the Account Customer Security Officers.
• Provide a focal point for information security knowledge and security activities.
• Take responsibility for the end-to-end security of the business process, managing, assessing and initiating implementation of all information security controls.
• Remain independent and report directly to the Delivery Executive and Global Security Program Manager.
• Manage specific contract growth/account opportunities using proven account management skills.
• Direct the information security focus of the Account’s business within his/her region, maintaining the strategy and plans for delivering the appropriate levels of security.
• Understand the Account Security Requirements.
• Ensure that contractual requirements for security are satisfied and that opportunities to improve security are identified.
• Ensure that comprehensive documented security processes are implemented.
• Be conversant with the Account Security Policies, Standards and Guidelines.
• Ensure the appropriate policies, standards & guidelines are in place to mandate the protection necessary for the business and to meet Account Security requirements.
• Provide independent, informed and impartial guidance and in-house consultancy on information security matters and advise IBM competencies on the security implementation of the Account business within the region.
• Represent the Account at a senior level on all information security matters relating to the operation and delivery of account services within the region.
• Promote the visibility and awareness of information security within the account and resolve internal differences.
• Update the senior account management regularly on security matters that affect the Account’s business.
• Provide regional coordination of security activities and knowledge distribution.
• Coordinate the Account security audit inspections within the region and in coordination with the Global Security Program Manager.
• Assist with identifying risks that might expose the account through the use of IBM or Account services.
• Lead investigations in the eventuality of serious security incidents within the region.
• Manage Threat and Risk (TRA/SER) processes, security issues and risks to an acceptable conclusion, SAP (Security Action Plan), ISeC and GSD331 related activities and processes
• Drive the Security Operations Improvement plan. Review and discuss strategic directions for Security Services and future state.
• Risk Assessment, Risk Management and Risk Mitigation.
• Vulnerability Assessment and Penetration Testing.
• Management of Security Services like Firewall, IDS/IPS, Forward and Reverse Proxies, Security Event Logging and Management, URL Filtering, Email Security etc.
• Provide Specialist Consultation and Advice for Firewall, IDS/IPS, Forward and Reverse Proxies, Security Event Logging and Management, URL Filtering, Email Security, New Security Product Evaluation etc.

Risk & Compliance

• Part of Risk & Compliance team providing regular cadence reviews to the Account & Compliance Team and driving compliance activities before they become overdue.
• Review/Verify the health of critical processes such as Health check, Patch Management, Risk and Issue Management.
• For Overdues/Delinquencies provide valid comments, justification, RCA and Action Plan and work with relevant stakeholders to ensure timely and proper resolution.
• Ensure document management guidelines/processes are adhered to.
• Security Policy Implementation
• Activities to be determined based on the projects / initiatives identified by Geo Compliance Leader.
• Act as IT Audit response focal.
• Provide IT pre-audit and post-audit support for both internal audits and external audits to understand and fulfill data requests, understand findings/conditions and establish rightful ownership of the issues.
• Facilitate the root cause analysis, identification of corrective and preventive actions and follow-up for closure.
• Interlock with SARM, Global Sector Compliance Focal, Sector Executive and other relevant key stakeholders.
• Provide periodic updates on Compliance posture.
• Responsible & Accountable for ensuring smooth audit and compliance functions.
• Lead different kinds of Compliance & Audit testing and deep dives.
• Lead Compliance related Projects & Initiatives
• Work with GEO, India & Global Compliance teams on all Compliance activities.
• Have experience in reporting, presentations, Excel and other reporting tools.
• Ability to understand Risk & Compliance framework and to integrate that to Account / Sector specific requirements
• Ensuring a disciplined approach to issue management with focus on adhering to defined timelines and quality of action implementation
• Play a consultative/advisory role to the sector at large in terms of understanding and implementing key compliance processes

Qualifications

Risk & Compliance

• Part of Risk & Compliance team providing regular cadence reviews to the Account & Compliance Team and driving compliance activities before they become overdue.
• Review/Verify the health of critical processes such as Health check, Patch Management, Risk and Issue Management.
• For Overdues/Delinquencies provide valid comments, justification, RCA and Action Plan and work with relevant stakeholders to ensure timely and proper resolution.
• Ensure document management guidelines/processes are adhered to.
• Security Policy Implementation
• Activities to be determined based on the projects / initiatives identified by Geo Compliance Leader.
• Act as IT Audit response focal.

Additional Information

Client Innovation Center (CIC)
