Information Security Lead

Job Title

Job Description

In this role, you have the opportunity to

Information Security Lead will be responsible for developing, implementing and monitoring a strategic, comprehensive IT security plan for platforms across Enterprise IT. Information Security Lead will provide the vision and leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective governance, system and infrastructure availability, integrity and confidentiality. This position reports to Head of Enterprise IT Security.

Information Security Lead need to be strong in the below mentioned areas:

• Threat modelling

• Security Testing (includes Dynamic, Static Security Testing),

• Penetration Testing

• Application Architecture review

• Cloud Security Architecture Review

• Define Security Use Cases

• Cloud Platform Security

• API Security

• Open AI/GenAI Security

• Data Lake Security

• Modern Authentication

• SDLAN Security

• Network Segmentation

• MITRE Attack Framework

• Cyber Security Framework based on Industry Standard / Best Practices

• CIS Baseline Validation

• Microsoft Defender Implementation and Monitoring (Malware, EDR, ATP)

• Microsoft 365 Security

• Designing of Conditional Access Policy

You are responsible to:

• Develop and maintain robust security controls to protect Philips business from security breaches/ incidents.

• Deliver security demand from the business for security controls.

• Gather Security Management Framework and information security architectural requirements and drive compliance of Enterprise IT systems against those requirements.

• Manage risk profile of the IT-systems and Suppliers

• Drive education and awareness activities across platform and Enterprise IT.

• Evaluate new cybersecurity threats and IT trends and develops effective security controls.

• Establish regular governance with service owners to review security controls status

• Liaison with Philips Information Security Office in driving security Improvement Program

• Evaluate potential security breaches, coordinates response, and recommend corrective actions.

• Define and report on information security KPIs.

• Organize the preparation of the security status dashboards including presentation to executive management.

• Analyze application end to end, prepare threat modeling (STRIDE, PASTA & DREAD) based on different risk scenarios and dirve to fix those risks

• Cloud Security Management that includes Security Posture Management, Security Baseling, Code validation for Infra As a Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard Firewall Management, Docker Security, Kubernetes securtiy

• Prepare security use cases / functional requirements that new solutions need to meet. Validate those requirements are met when the solution is delivered

• Perform API Security testing that includes – API inventory, logging and monitoring, API Gateway Security, API Services Security.

• Exposure to network security which includes network segmentation, DDoS, Network Devices Security Baselining and monitoring, firewall rules review for any deviation.

• Application Security – integration of security tooling with CI/CD pipeline, review of security reports and follow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code Review etc.

• Identify risk with authentication and authorization protocols, mitigate risks with legacy authentication, design conditional access policy

• Management of foundational security tooling e.g. tools like Defender, EDR, Vuln Mgmt, CMDB agent.

• Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real threat actors.

• Perform attack pattern analysis based on MITRE Attack framework, support solution development to address the pattern

• Define Data Protection roadmap and work with architecture to meet the requirement. Deploy data protection tools like CASB, DLP etc.

You are a part of

Enterprise IT Security team working closely with Enterprise IT, IT Platform Leaders, CIO and CISO.

To succeed in this role, you should have the following skills and experience

Soft Skills

• Excellent English language communication skills, both verbal and written. Cross-cultural etiquettes, customer centric and collaborative mindset.

• Works autonomously within established procedures and practices.

• Good command on stakeholder management, judgement, conflict resolution, risk & mitigations.

• Provides leadership to the global team at strategic, tactical, and operational level

• Maintains current knowledge of industry and regulatory trends and developments for the enterprise technology.

• Specialized in a number of Security domains such as incident response, operational assessment of security posture, general security management.

• Thorough understanding of Security Management principles, Security governance principles

Qualification

• Bachelor’s or Master’s degree in Information Technology and or commensurate experience in delivering security solutions.

• Overall Enterprise IT Security experience of 10 yrs or more.

• Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.

In return, we offer you

A warm welcome to a challenging, innovative environment with great opportunities for you to explore. Quality is right on the top of Philips leadership agenda and that means you have the unique opportunity to come in and have a recognized voice to drive and witness exciting, transformational changes. You will be empowered to drive high quality, groundbreaking innovations with a globally recognized, premium brand behind you. Next to that a rewarding career in Philips with attractive package

Why should you join Philips?

Working at Philips is more than a job. It’s a calling to create a healthier society through meaningful work, focused on improving 2.5 billion lives a year by delivering innovative solutions across the health continuum. Our people experience a variety of unexpected moments when their lives and careers come together in meaningful ways.

About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
• Learn more about our business.
• Discover our rich and exciting history.
• Learn more about our purpose.

If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our commitment to diversity and inclusion here.

#DIW