Manager Information Security

RESPONSIBILITIES:

Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.

Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.

To ensure compliance with relevant standards such as HIPAA/HITECH,ISO 27001, PCI-DSS, and other auditing authorities (internal and external)

Develop audit plans and schedules for monitoring performance of information security controls, personnel and plans.

Organize and control information security audits for assigned projects. Select, organize, train and evaluate Information Security Audit Team.

Arrange and liaising Audit visits by contacting Department Heads of concerned area and external Surveillance Auditors.

Finalize Internal Information Security Audit reports by validating and assessing audit findings in consultation with the Audit team, Information Security Manager and Department Heads.

Maintain documentation as per standard requirement.

Risk Analysis and Assessment IT Governance.

Worked with the business units to ensure the achievement and maintenance of appropriate security controls.

Verify that systems are developed and maintained in line with company security policies.

Assess IT control elements to mitigate IT risks regarding confidentiality, availability and integrity of client information.

Performing analysis of application and network security needs and contributes to design, integration, and installation of hardware and software.

Analyzing, troubleshooting and correcting network problems remotely and on-site.

Maintaining and administering perimeter security systems such as firewalls and intrusion detection systems.

Must have knowledge about hacking techniques and remediation for all old/ new vulnerabilities.

Implement and act in accordance with MTBC’s information security and privacy policies.

Ensure compliance with information security responsibilities specific to your job role.

Protect assets from unauthorized access, disclosure, modification, destruction or interference.

REQUIREMENTS:

Hands on experience and in-depth technical knowledge in cloud security, computer and network security, authentication and security protocols.

Hands on experience working with microservices and container technologies.

Hands on experience with the development, deployment, and automation of security solutions with CI/CD in Cloud environment

In depth knowledge of network based, system level, and application layer attacks and mitigation methods

Hands on experience with a broad range of security technologies.

Strong knowledge of technology and security topics including network and application security (OWASP), infrastructure hardening, security baselines, web server, and database security

Expertise in cloud automation tools.

Strong applied cryptography and its implementation is a plus (asymmetric and symmetric key encryption, key management etc.)