Manager - Information System Security

Information Technology Mumbai, India New Delhi, India Bengaluru, India


Manager - Information system security 

What is WRII?

World Resources Institute (WRI) is an independent, nonprofit global research organization that turns big ideas into action at the nexus of environment, economic opportunity and human well-being. Our work focuses on building sustainable and liveable cities and working towards a low carbon economy. Through research, analysis, and recommendations, WRI India puts ideas into action to build transformative solutions to protect the earth, promote livelihoods, and enhance human well-being.

We are inspired by and associated with World Resources Institute (WRI), a global research organisation with more than 1000 experts and other staff around the world. World Resources Institute began in Washington, DC, in 1982 to provide cutting edge analysis to address global environment and development challenges. WRI spans more than 50 countries, with offices in BrazilChina, Europe, India, Indonesia, and the United States. In all of these locations, WRI works with government, business, and civil society to drive ambitious action based on high-quality data and objective analysis.

WRI India has the capacity to convene key stakeholders, and forge strategic partnerships with governments, business, foundations, civil society organizations, institutes and NGOs, to scale-up solutions that can bring game-changing results for the sustainable management of natural resources in India.

 

Position Overview:

The Information Systems Security Manager performs two core functions for the enterprise. The first is the day-to-day operations of the in-place security solutions (directly or indirectly) to ensure the secure operation of the in-house and cloud-based computer systems, servers, and network connections. This person will also analyze and resolve security breaches and vulnerability issues in a timely and accurate fashion, and conduct user activity audits where required.

The second is the involvement in the design implementation of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines and procedures as well as assisting in vulnerability audits and assessments. The INFORMATION SECURITY MANAGER is expected to be fully aware of and help create, formalize and implement the enterprise’s security goals.

 

Responsibilities:

  • IT Infrastructure Roles
    • Participate in the planning and development of enterprise security architecture, (infrastructure, hardware, and operating systems) and additional involvement in the implementation solutions under the direction of the Global IT Director:
      • Participation in the creation of enterprise security documents (policies, standards, baselines, guidelines, architecture, and procedures)
      • Participation in the planning, design, and execution of an enterprise Business Continuity Plan, Disaster Recovery Plan, and Change Management Programs.
      • Participation in the planning, design, and execution of Group Security Polices via Active Directory for infrastructure and operating systems.
      • Device security, encryption techniques, standards, policies and procedures.
  • Applications & Deployment Roles
    • Responsible for working with Application Development for roles and authorizations for all applications and developing roles based/segregation of duties authorizations. Responsibilities will include:
      • Documenting roles based access requirement
      • Working with Business teams to develop the organizational segregation requirements for roles for various Line of Business applications.
      • Web-Social Networking, Responsible for understanding security requirements and best practices in Web and Social Networking.
  • Reporting and Decision Support Roles
    • Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.

Operational Management:

  • Manage all Information Security related vendors, outsourcers, and contractors to obtain protection services and products.
  • Design, manage, and perform WRI’s information security awareness program.
  • Lead the Incident response team and act as first point of contact for all information security related activities and participate in investigations into problematic activity.
  • Maintain all documentation pertaining to Security configuration of devices and software.
  • Participate in the design and execution of vulnerability assessments, penetration tests and security audits.
  • Work in conjunction with appropriate resources (insourced and outsourced) to deploy, manage and maintain all security systems and their corresponding or associated software, including but not limited to firewalls, intrusion detection systems, and anti-virus software.
  • Participate in external and internal audits related to IT.
  • Stay abreast of the ever-changing trends and tools in the field of the information security.

Qualifications:

  • College diploma or university degree in the field of computer science and/or 5 years equivalent work experience.
  • One or more of the following certifications is preferred but not required:
    • CompTIA Security+
    • GIAC Information Security Fundamentals
    • Microsoft Certified Systems Administrator: Security
    • CISSP

 

Knowledge & Experience:

  • 7- 10 years of relevant and progressive experience in an enterprise IT organization with 5-7 years’ experience in Information Security
  • Deep understanding of information security risk controls and a thorough knowledge of IT processes and controls
  • Strong analytical and problem-solving skills; ability to quickly execute on strategic decisions to drive organizational results
  • Experience in designing and delivering employee security awareness training programs.
  • Experience with Information and Access Management platforms and best practices (Active Directory, O365, Azure, AWS, etc.)
  • Experience in developing Business Continuity Plans and Disaster Recovery Plans.
  • Hands-on knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices
  • In-depth technical knowledge of network, PC, MAC, and platform operating systems.
  • Working technical knowledge of various mobile technologies and securing said technologies
  • Familiarity with Cloud computing.
  • Knowledge of applicable practices and laws relating to data privacy and protection.
  • Ability to conduct research into IT security issues and products as required.
  • Knowledge and experience in evolving an IT organization towards compliance with PCI-DSS, GDPR, HIPAA and other information security and data privacy regulations

Personal Attributes:

  • Strong Operational and Execution Mindset
  • Demonstrated superior communication skills at all levels within an organization.
  • Strong Ability to translate technical content into business understandable terms
  • Strong positive leadership skills with demonstrated ability to navigate a team through a dynamic environment.
  • Proven analytical and problem-solving abilities.
  • Highly self-motivated and directed.
  • Team-oriented and skilled in working within a collaborative environment.
  • Strong organizational skills.
  • Excellent attention to detail.

Salary and Benefits:

Salary shall be commensurate with experience and skills. WRI offers a generous and comprehensive benefits package.

Location: Mumbai / Bangalore / Delhi, India

To Apply: Qualified applicants should apply online at www.wri.org/careers. All applications must be submitted online through this career portal in order to be formally considered. Only shortlisted applicants will be contacted for interview purpose.

 

Finalized candidate will be required to take a writing/analytical test.

 As an Equal Opportunity Employer, it is WRI’s policy to recruit, hire, and provide opportunities for advancement in all job classifications without regard to caste, color, religion, sex, national origin, age, citizenship, marital status, sexual preference, parental status, or disability. WRI’s global agenda requires a staff that is diverse – with respect to race, gender, cultural, and international background. Diverse perspectives and experience enhance the way WRI selects and approaches issues, as well as the creativity and applicability of WRI's policy research and analysis. WRI, India therefore, encourages applications from minorities, persons belonging to scheduled castes and scheduled tribes from women of all backgrounds.