Area Manager Cyber Security

Role description

a. Providing assurance to the Audit Committee (AC) of Board of Directors (BOD), the CEO & MD and the Senior Management, on control adequacy and effectiveness on Cyber Posture – internal & external threats / Cloud Computing / IT Infrastructure / Data Security / Application Security / Social Engineering / Governance & Risk Management for uninterrupted business operations.

Executing audits, advisory, and other special projects in accordance with the approved audit plan. Auditor shall undertake reviews of the organization’s cyber threats, cloud infrastructure, Vulnerability Assessment & Penetration Testing, processes and controls to protect its intellectual property, using industry standards as a guide, and provide recommendations for improvements.

Skills

.Reviewing and documenting the existing TSL and Group Company IT security architecture to determine security posture w.r.t regulatory, contractual requirements, industry best practices

Identification and categorization of information assets based on confidentiality, integrity and availability (CIA) triad

Identifying associated threats, vulnerabilities and the risk impacts with each of the information assets

Safeguarding the information assets such as – Software, Hardware, Network etc.

Reviewing IT Systems controls, Mail Messaging System and End User Computing, Risk Management and Threat Intelligence etc.

Reviewing security controls related to hybrid cloud infrastructure, service contract, design and architecture, Business Continuity plan

Auditing controls for cyber threats pertaining to infrastructure, application, operating system and database, and other controls related to backup, DR/ BCP plans, patch management and version control, license control, virus control processes etc.

Application Security Audit including Vulnerability Assessment and Penetration Testing, Network Security Testing, Application Security Testing, Social Engg. etc

Network resilience and recovery mechanism, control on social media access and data exchange through the same, control on data and information storage and access in cloud etc

Performing configuration control audit for all the IT systems as per best practices

Create security policy and guidelines document for user access management, password policy, data exchange with agencies and vulnerabilities mitigation

Testing for security audit cover cross-site scripting (XSS), cross-site reference forgery, SQL injection flaws, input validation flaws, malicious file execution, insecure direct object references, information leakage and improper error handling, broken authentication and session management, failure to restrict URL access, and denial of services etc.

Conducting audit of assigned activities for IT enabled systems as per the approved Annual Audit Plan, including any special audit/ project assigned by the respective Group Head

Other details

• 
  Mandatory: BE, B-Tech, BSc (Engineering), ME/MTech, MBA/PGDM, MCA, MSc (Maths, Statistics or Physics)

• Preferred: Exposure to information security and various standards in the form of project experience of one semester or completion of two related courses as a part of the curriculum.

• Preferred: CISA / CEH / CISSP

a. Strong knowledge and experience in domains covering - Vulnerability assessment and penetration testing (VAPT), Risk management, Business continuity, Access and authorization, Web application security, Threat detection (SOC, NOC), Ethical Hacking, Social Engineering, Phishing simulation (email, CH, attachment)

b. Exposure on performing vulnerability assessment and penetration testing (black box) including red teaming

c. Information systems industry and best practices in network, application and hardware platform security

d. Audit and assessment methodologies, procedures and best practices that relate to information networks, systems, and applications

Risk Management, security program policies, processes, standards, requirements and procedures and various supporting security technologies.

Desirable: Understanding of NIST / ISO 27001 / CIS framework

About Tata Steel Ltd
Tata Steel is among the top global steel companies with an annual crude steel capacity of 34 million tonnes per annum. It is one of the world's most geographically diversified steel producers, with operations and commercial presence across the world. The group recorded a consolidated turnover of US $32,836 million in the financial year ending March 31, 2022. A Great Place to Work-CertifiedTM organisation, Tata Steel Ltd., together with its subsidiaries, associates, and joint ventures, is spread across five continents with an employee base of over 65,000