Job Title – Sr Information Security Architect

　　Job Location - Bangalore

　　In this role, you have the opportunity to

　　As a Senior Information Security Manager, you will be responsible for developing, implementing and monitoring a

　　strategic, comprehensive IT security program while ensuring compliance with regulatory requirements, and

　　mitigating risks to the organization's information assets. Information Security Manager will provide the vision and

　　leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective

　　governance, system and infrastructure availability, integrity and confidentiality.

　　Key Responsibilities :

　　Information Security Strategy:

　　Develop and execute a strategic information security plan aligned with organizational objectives.

　　Establish and maintain policies, standards, and procedures to ensure the confidentiality, integrity, and

　　availability of healthcare information.

　　Risk Management:

　　Identify and assess information security risks, conducting regular risk assessments and vulnerabilityassessments.

　　Develop and implement risk mitigation strategies and controls to protect against potential threats.Compliance and Standards:

　　Ensure compliance with relevant healthcare regulations, such as HIPAA and other industry-specificstandards.

　　Stay abreast of changes in regulatory requirements and update policies and procedures accordingly.Incident Response:

　　Lead the development and execution of incident response plans.

　　Coordinate responses to security incidents, conduct post-incident analysis, and implement corrective

　　actions.

　　Security Awareness and Training:

　　Develop and deliver information security training programs for employees at all levels.

　　Foster a culture of security awareness throughout the organization.

　　Security Architecture:

　　Design and implement a robust security architecture, incorporating the latest technologies and bestpractices.

　　Collaborate with IT teams to ensure that security is integrated into system development and deploymentprocesses.

　　Vendor Management:

　　Evaluate and manage the security posture of third-party vendors and partners.

　　Establish and maintain strong relationships with vendors to ensure the security of products and services.

　　Information Security Manager needs to have a strong understanding of the below-mentioned areas:

　　Threat modelling

　　Security Testing (includes Dynamic and static Security Testing),

　　Application Architecture review

　　Information Security, Cloud & Network Security Architecture Review

　　Define Security Use Cases

　　Cloud Platform Security

　　Data Lake Security

　　Network Segmentation

　　Cyber Security Framework Based on Industry Standard / Best Practices

　　Microsoft Defender Implementation and Monitoring (Malware, EDR, ATP)

　　Microsoft 365 Security

　　•You are responsible to:

　　Designing of Conditional Access Policy

　　Develop and maintain robust security controls to protect Philips’s business from security breaches/incidents.

　　Deliver security demand from the business for security controls.

　　Gather Security Management Framework and information security architectural requirements and drive

　　compliance of Enterprise IT systems against those requirements.

　　Manage the risk profile of the IT systems and Suppliers

　　Drive education and awareness activities across the platform and Enterprise IT.

　　Evaluate new cybersecurity threats and IT trends and develop effective security controls.

　　Establish regular governance with service owners to review security control status

　　Liaison with Philips Information Security Office in driving the security Improvement Program

　　Evaluate potential security breaches, coordinate response, and recommend corrective actions.

　　Define and report on information security KPIs.

　　Organize the preparation of the security status dashboards including presentation to executive

　　management.

　　Analyze application end to end, prepare threat modelling (STRIDE, PASTA & DREAD) based on differentrisk scenarios and drive to fix those risks

　　Cloud Security Management that includes Security Posture Management, Security Baseline, Codevalidation for Infra As a Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard

　　Firewall Management, Docker Security, Kubernetes security

　　Prepare security use cases / functional requirements that new solutions need to meet. Validate thoserequirements are met when the solution is delivered

　　Perform API Security testing that includes – API inventory, logging and monitoring, API Gateway Security,API Services Security.

　　Exposure to network security which includes network segmentation, DDoS, Network Devices SecurityBaselining and monitoring, and firewall rules review for any deviation.

　　Application Security – integration of security tooling with CI/CD pipeline, review of security reports andfollow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code

　　Review etc.

　　Identify risk with authentication and authorization protocols, mitigate risks with legacy authentication,design conditional access policy

　　Management of foundational security tooling e.g. tools like Defender, EDR, Vuln Mgmt, CMDB agent.

　　Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real

　　threat actors.

　　Perform attack pattern analysis based on MITRE Attack framework, support solution development toaddress the pattern

　　Define Data Protection roadmap and work with architecture to meet the requirement. Deploy dataprotection tools like CASB, DLP etc.

　　You are a part of

　　Enterprise IT Security team working closely with Enterprise IT, IT Platform Leaders, CIO and CISO.

　　To succeed in this role, you should have the following skills and experience

　　Soft Skills

　　Excellent English language communication skills, both verbal and written. Cross-cultural etiquette,customer-centric and collaborative mindset.

　　Works autonomously within established procedures and practices.

　　Good command of stakeholder management, judgement, conflict resolution, risk & mitigations.

　　Provides leadership to the global team at strategic, tactical, and operational levels

　　Maintains current knowledge of industry and regulatory trends and developments for enterprise

　　technology.

　　Specialized in several Security domains such as incident response, operational assessment of securityposture, and general security management.

　　Thorough understanding of Security Management principles, Security governance principlesQualification

　　Bachelor’s or Master’s degree in Information Technology and or commensurate experience in deliveringsecurity solutions.

　　Overall Enterprise IT Security experience of 10 yrs or more.

　　Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.

　　In return, we offer you

　　A warm welcome to a challenging, innovative environment with great opportunities for you to explore. Quality is

　　right on the top of Philips leadership agenda and that means you have the unique opportunity to come in and have

　　a recognized voice to drive and witness exciting, transformational changes. You will be empowered to drive highquality,

　　groundbreaking innovations with a globally recognized, premium brand behind you. Next to that a

　　rewarding career in Philips with an attractive package

　　Why should you join Philips?

　　Working at Philips is more than a job. It’s a calling to create a healthier society through meaningful work, focused

　　on improving 2.5 billion lives a year by delivering innovative solutions across the health continuum. Our people

　　experience a variety of unexpected moments when their lives and careers come together in meaningful ways.

　　Learn more by watching this video.

　　To find out more about what it’s like working for Philips at a personal level, visit the Working at Philips page on our

　　career website, where you can read stories from our employee blog. Once there,you can also learn about our

　　recruitment process, or find answers to some of the frequently asked questions.