Defense Management Lead

Overview:
We are seeking a highly experienced and strategic Defense Management Lead to spearhead our comprehensive security operations. This pivotal role will be responsible for overseeing and optimizing our vulnerability management, security governance, system security, and security advisory functions. The ideal candidate will be a proven leader with deep technical expertise across various security domains, exceptional organizational skills, and a strong commitment to enhancing our overall security posture.

Responsibilities:

• Lead, mentor, and manage a team of VAPT specialists, fostering a culture of continuous improvement and technical excellence.

• Develop, implement, and mature the VAPT program, including scope definition, methodology, tool selection, and reporting.

• Oversee the execution of regular vulnerability assessments and penetration tests across applications, infrastructure, and networks.

• Prioritize and track remediation efforts for identified vulnerabilities, collaborating with relevant teams to ensure timely resolution.

• Stay abreast of emerging threats, vulnerabilities, and attack techniques to enhance VAPT strategies.

• Establish and maintain robust security governance frameworks, policies, standards, and procedures in alignment with industry best practices (e.g., ISO 27001, NIST, internal compliance requirements).

• Lead and facilitate security audit assessments (internal and external), ensuring compliance with regulatory and organizational requirements.

• Manage and conduct OSP (Outsourced Service Provider) security reviews, including due diligence and ongoing monitoring of third-party security posture.

• Oversee the vendor security management program, assessing security risks posed by third-party vendors and ensuring appropriate controls are in place.

• Provide governance and oversight over the security posture of all security components and solutions deployed within the organization.

• Manage and optimize endpoint security solutions (e.g., EDR, antivirus), ensuring comprehensive protection across all devices.

• Oversee the lifecycle management of SSL/TLS certificates, ensuring timely renewals and proper implementation.

• Develop and implement strategies for data encryption across various systems and data at rest/in transit.

• Define and enforce hardening standards for operating systems, applications, and network devices.

• Manage and secure file sharing mechanisms, ensuring data integrity, confidentiality, and access control.

• Act as a primary security advisor to business units and technology teams, providing expert guidance on security best practices, risk mitigation, and architectural design.

• Contribute to the development and evolution of the overall security architecture, ensuring alignment with business objectives and threat landscape.

• Lead the security project office function, managing the lifecycle of security-related projects from initiation to closure.

• Define project scopes, objectives, resource requirements, timelines, and budgets for security initiatives.

• Monitor project progress, identify and mitigate risks, and ensure successful delivery of security projects.