Actylis is a leading manufacturer and supplier of critical raw materials and performance ingredients serving the Life Sciences, Specialty Chemicals, and Agriscience industries.
We offer standard and custom ingredients through our rapidly growing portfolio of GMP and non-GMP facilities worldwide, and further choice through our strong sourcing hub network. This unique hybrid option blending manufacturing and global sourcing, combined with more than 75 years of sourcing and distribution experience makes Actylis the Partner of Choice.
Location: Bengaluru
Reports to: Senior Director, IT
Position Summary
The Cyber Security Manager is responsible for developing strategic and tactical plans for cyber risk management and initiatives. Heshe establishes a governance framework for information security to ensure alignment with relevant laws and regulations to protect company data and IT infrastructure. Utilizing a risk-based approach, Heshe identifies key security initiatives and programs. Furthermore, they communicate these initiatives and associated risks to top management and stakeholders to facilitate understanding and identification of information risks. Additionally, the Cyber Security Manager monitors and reports on the performance of the security program to senior management. Heshe provide advice to management regarding the impact of the organization's key risks and recommend mitigation controls while overseeing key projects. The Cyber Security Manager leads the cyber security activities for serial IT programs and assists the IT team in delivering the work products of the safety case and in complying with cyber security requirements.
Key Duties & Responsibilities
- Develop and Implement Security Policies: The cyber security manager is responsible for formulating and implementing comprehensive security policies and procedures that align with the organization's goals and regulatory requirements. This includes creating incident response plans, conducting risk assessments, and ensuring compliance with relevant data protection laws.
- Manage Security Infrastructure: The cyber security manager oversees the deployment and maintenance of security tools, systems, and technologies such as firewalls, intrusion detection systems, and antivirus software. They collaborate with the IT department to ensure continuous monitoring, analysis, and response to potential security breaches.
- Conduct Security Audits and Assessments: Regular audits and assessments are crucial to identifying vulnerabilities and potential threats. The cyber security manager leads the evaluation of existing security measures, performs penetration testing, and manages third-party security audits to ensure the organization's systems and data remain secure.
- Incident Response and Crisis Management: In a security breach or cyber-attack, the cyber security manager is responsible for leading the incident response efforts. This involves coordinating with internal and external stakeholders, conducting forensic investigations, and developing strategies to mitigate the impact of the incident.
- Stay Abreast of Emerging Threats and Technologies: Cybersecurity is an ever-evolving field, and staying updated with the latest threats, vulnerabilities, and emerging technologies is crucial. The cyber security manager must keep a finger on the pulse of the industry, attend conferences, participate in professional networks, and continuously enhance their knowledge through ongoing training and certifications.
- To lead the selection, implementation and operation of cyber security services and solutions
- To lead and manage cybersecurity projects, ensuring completion to deadlines and within budget. In doing so undertake planning, costing, project management, liaison with suppliers.
- To assist in business continuity preparation and testing by developing and maintaining backup procedures and Disaster Recovery documentation for the security infrastructure to ensure that business requirements are met promptly and to accurately reflect user and business requirements.
- To maintain a very high level of knowledge of cybersecurity equipment and technologies to enable the evaluation, selection, testing, installation and monitoring of new/enhanced systems. This includes VPN, Cisco, Sophos and Fortinet Firewall, Zscaler, CrowdStrike, Mimecast, CSPM, CWPP, AWS Azure and Intune.
- Evaluation of software and technologies for placement within the company (DLP, SIEM, orchestration, web application firewalls, DNS filtering, traffic examination)
- Continuous vulnerability assessment and recommend remediation procedures
- Participate in remediation efforts along with the Infrastructure Team.
- Analyze network traffic (including Cloud networks like AWS, Azure), flow Logs, audit logs, DNS logs, server logs (including web servers, load balancers, proxies, etc) OS application logs to identify compromised systems, identify denial of service attacks, and pinpoint resource abuse
- Track CVE-based security threats and map to internal controls and remediation plans
- Map security practices to regulatory controls (HIPAA, CIS control, PCI-DSS, SOX)
Education/Experience:
- Bachelor's Degree in computer sciences, information management, engineering or other quantitative discipline with a focus on cyber security and critical thinking is required
- Minimum 10 years of experience in cybersecurity
- Certification in information security (CISSP, CSSLP, CCFP, CISM, etc.) or comparable work experience.
- Proven project management experience
Functional/Technical Competencies & Skillsets
- 10 to 12 years of relevant experience
- A deep understanding of networking protocols, operating systems, and security frameworks is essential. Proficiency in encryption, vulnerability assessment, and penetration testing is vital for effectively managing security infrastructure.
- Knowledge and experience in Gateways IPS/IDES, Advanced Threat Management, Antivirus, encryption, DLP concepts, switches, routers, and Firewalls
- Ability to work in a matrix organization across worldwide offices and teams
- Strong knowledge on vulnerability management tools like Nessus/Qualys/Crowdstrike/Zscaler/Mimecast and knowledge on any SIEM tool
- Ability to communicate effectively with technical and non-technical employees outside of IT
- Work independently with minimal supervision in a dynamic environment
- Excellent written documentation, reports, and ability to present to leadership team
- Excellent resilience to pressure, requiring the ability to manage competing high-priority workloads while fulfilling responsibilities that are significant as the risks of non-compliance are serious, ranging from financial penalties to reputational damage
- Experience in assessing and implementing security and risk standards eg ISO 2700X, Cyber Essentials, NIST, ITIL, COBIT, PCI
- Strong problem-solving and analytical skills with the ability to create and develop clear policies, standards and procedures
Supervisory Responsibilities: None
Actylis is an Equal Opportunity Employer. Actylis does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided based on qualifications, merit, and business need.
