Location: Boston,MA, USA
We are Mindsprint!
A leading-edge technology and business services firm that provides impact driven solutions to businesses, enabling them outpace speed of change. For over three decades we have been accelerating technology transformation for the Olam Group and their large base of global clients.
Working with leading technologies and empowered with the freedom to create new solutions and better existing ones, we have been inspiring businesses with pioneering initiatives.
Awards bagged in the recent years:
• We are Great Place To Work® Certified™ for 2023-2024
• Best Shared Services in India Award by Shared Services Forum – 2019
• Asia's No.1 Shared Services in Process Improvement and Value Creation by Shared Services and Outsourcing Network Forum – 2019
• International Innovation Award for Best Services and Solutions – 2019
• Kincentric Best Employer India – 2020
• Creative Talent Management Impact Award – SSON Impact Awards 2021
• The Economic Times Best Workplaces for Women – 2021 & 2022
• #SSFExcellenceAward for Delivering Business Impact through Innovative People Practices – 2022
For more info:
About the Job
The Director of Information Security oversees efforts to uphold confidentiality, integrity, and availability of information systems. They are responsible for prioritizing information security awareness, vulnerability avoidance, threat protection/detection, incident response, breach recovery, and business continuity.
Role Responsibilities
·Maintains a comprehensive understanding of potential threats to information system confidentiality, integrity, and availability.
·Owns information processing system administration tasks related to authentication, authorization, threat detection/protection, breach response, recovery, and business continuity.
·Drives the classification of data and systems (public, private, confidential, compliance confidential) across company assets.
·Participates in threat modeling, including assessing likelihood/frequency, impact, risk reduction, recovery, and associated costs.
·Reviews, updates, and approves company policies and standard operating procedures related to information security.
·Participates in Change Approval Board (CAB) meetings, providing input on changes with information security implications.
·Recommends, drives, and tracks information security awareness training initiatives.
·Ensures the implementation of appropriate security software solutions for intrusion prevention/detection, data loss protection, anti-virus, phishing (email), network scanning, software vulnerability scanning, static code analysis, and security information and event management (SIEM).
·Reviews system and security software logs for signs of anomalous behavior.
·Tracks results from static code analysis and application scanning tools, prioritizing vulnerability remediation with development team leaders.
·Tracks results from network penetration testing, prioritizing vulnerability remediation with operations team leaders.
·Serves as the primary point of contact for suspected or actual security events.
Qualifications & Experience
·Degree in a related field or equivalent experience.
·Industry training/experience in information security management and administration.
·Demonstrable experience in the following:
·Encryption (symmetric and asymmetric)
·Authorization
·Authentication (local, centralized, federated)
·Principle of least privilege
·Data/system classification
·Database security
·Public key infrastructure
·x.509 certificates and certificate management
·Networking
·Operating system administration
·Physical security
·Data/device cleaning, purging, and destruction
·Google Cloud Platform (GCP) Security and Best Practices.
·Awareness of data privacy compliance regulations including HIPAA, HITECH, PCI/DSS, and GDPR.