Tata Steel Hiring For Manager Information Security & Compliance at Jamshedpur ,  India

Role Description

• Creation of Business Value through IT interventions
• Compliance, Design and Improvement to IT processes/methodologies and IT Architecture
• IT Projects in time and within Budget
• Cost effective IT Solution.
• Provide Effective IT Support and Service Delivery
• Roll out of TSL IT Architecture and solutions as per strategy.

S. No.

Key Objective / Overall Job Responsibility

Technical Support for Enterprise IT Network Infrastructure and communication services

Delivery of Infrastructure projects as per laid down infrastructure standards

Compliance to the departmental and organization wide safety and quality norms.

Compliance to Cyber Security Standards for Network & Communication Infra and related services

Defining and upgrading current technology standards

Security Strategy: Develop and implement an organization-wide IT security strategy to protect digital assets and data.

Compliance: Ensure compliance with relevant regulations, standards (e.g., GDPR, HIPAA, PII, CERT In ), and industry best practices.

Risk Assessment: Identify and assess security risks, vulnerabilities, and threats. Implement measures to mitigate these risks.

Security Policies: Develop, update, and enforce IT security policies and procedures.

Incident Response: Establish and manage an incident response plan to address security breaches or incidents promptly.

Security Awareness: Conduct security awareness training for employees and stakeholders.

Access Control: Manage user access control, including authentication and authorization systems.

Security Audit and Cyber Drills: Plan and oversee security audits and assessments.

Vendor Management: Evaluate and ensure the security of third-party vendors and service providers.

Security Technologies: Identify, Implement and manage security technologies such as firewalls, intrusion detection systems, and antivirus solutions.

Data Protection: Oversee data encryption, data loss prevention, and data backup strategies.

Security Reporting: Provide regular reports on security status, incidents, and compliance to senior management.

Skills

Relevant work exposure with an organization delivering or managing IT Services in a role preferably in any of the following domains:

Perimeter Security Management

Oversee and manage perimeter security solutions such as firewalls, IDS/IPS, and VPNs.

Continuously monitor and respond to threats at the network perimeter.

Cloud Security

Manage cloud security strategies, including cloud proxy and Cloud Access Security Broker (CASB) solutions.

Conduct cloud security posture assessments and ensure compliance in cloud environments.

Zero Trust Network Architecture

Implement and manage a Zero Trust network architecture, including secure remote access solutions.

Continuously assess and improve network access controls.

Secure Architecture Design Assessment

Collaborate with the architecture team to assess and enhance the security of IT systems and solutions.

Ensure security is integrated into the design of new projects.

Network Security (IT And OT)

Oversee both IT and Operational Technology (OT) network security.

Implement measures to protect critical infrastructure and industrial control systems.

Security Operations Center (SoC)

Manage the SoC team responsible for monitoring, detecting, and responding to security incidents.

Ensure the SoC operates effectively and efficiently.

Next-Generation Firewall (NGFW)

Implement and maintain NGFW solutions to protect the network from advanced threats.

Configure and tune NGFW policies for optimal security.

Application Security (AppSec)

Ensure the security of applications through regular assessments and code reviews.

Collaborate with development teams to remediate vulnerabilities.

Vulnerability Assessment And Penetration Testing (VAPT)

Conduct regular vulnerability assessments and penetration tests to identify and mitigate security weaknesses.

Configuration Review

Review and validate security configurations across systems and devices.

Enforce secure configuration standards.

Active Directory (AD) And DNS Management

Oversee AD and DNS infrastructure security.

Implement Baseline Security access controls and authentication policies.

Mail and Internet Advanced threat of communication

Knowledge And Skills Of Critical Surround Systems

• Application Virtualization for Partner Access:
• Manage secure application virtualization solutions for partner access.
• Knowledge of DevSecOps
• Knowledge of Cryptography, SSL etc
• Ensure secure and controlled access for external partners.

Knowledge of Communication and Collaboration services under O365

• Mobile Network and Wi-fi guest Network
• Push Mail Services to Mobile Devices etc.
• Relaying and related security
• Secure Data exchange across heterogeneous network and platforms

Other Details

• BE/BTech, BSc(Engineering), ME/MTech, MBA/PGDM, MCA, MSc (Maths , Stats , OR ,Physics)
• Must be a Full Time Course