Home
Communities
Companies
- Companies
  
  Discover best places to work
- Compare Companies
  
  Compare & find best workplace
- Add Office Photos
  
  Bring your workplace to life
- Add Company Benefits
  
  Highlight your company's perks
Reviews
- Company reviews
  
  Read reviews for 6L+ companies
- Write a review
  
  Rate your former or current company
Salaries
- Browse salaries
  
  Discover salaries for 6L+ companies
- Salary calculator
  
  Calculate your take home salary
- Are you paid fairly?
  
  Check your market value
- Share your salary
  
  Help other jobseekers
Interviews
- Company interviews
  
  Read interviews for 40K+ companies
- Campus placements
  
  Interviews questions for 1K+ colleges
- Share interview questions
  
  Contribute your interview questions
Jobs
Awards

WINNERS AWAITED!
- ABECA 2025
  
  WINNERS AWAITED!
  
  AmbitionBox Employee Choice Awards - 4th Edition
- ABECA 2024
  
  AmbitionBox Employee Choice Awards - 3rd Edition
- AmbitionBox Best Places to Work 2022
  
  2nd Edition
- AmbitionBox Best Places to Work 2021
  
  1st Edition

Add office photos

Employer? Claim Account for FREE

Novartis

Compare

4.1

based on 1.5k Reviews

277 Novartis Jobs

Assoc. Dir. DDIT ISC SecOps VulnSvcs

Novartis Healthcare Pvt. Ltd.

4.1

based on 1.5k Reviews

8-13 years

Hyderabad / Secunderabad

1 vacancy

Assoc. Dir. DDIT ISC SecOps VulnSvcs

Novartis

posted 5hr ago

Job Role Insights

Flexible timing

Key skills for the job

Orcale Social Work Automation Testing Project Management Relationship Management Risk Management

+ 4 more

Job Description

Summary

The role is part of DDIT ISC Security Operations in Vulnerability Services team. The person will focus on reducing risk exposure from security vulnerabilities with major focus on high risk, theme based and 0-day vulnerabilities emergency response and remediation. Flexibility with work schedule is critical.
Analyze ongoing security vulnerabilities risk posture, perform technical vulnerability/mitigations tests, collaborate with finding owners/support teams for managing resolutions, act as SME to assess discovered vulnerabilities and provide pragmatic solutions and flexibly support emergency vulnerability remediations. Collaboration with cross functional teams for threat intel, incident response, security architecture, remediation and security operations are key.
-Oversees security operations service line, technology governance and external/internal interfaces in accordance with service operations and management processes.

About the Role

Act as a Technical Security SME and point of contact for responding to ongoing high-risk vulnerability exposure
Continuously monitor and prioritize security vulnerabilities, missing controls, mitigations and defenses through risk analysis to understand potential impact and translate vulnerability severity as security risk.
Identify problem areas, root causes and solution to prevent/reduce vulnerabilities.
Support vulnerability assessments and penetration testing of infrastructure, applications, and services where needed to verify false positives or remediations.
Ensure that vulnerability remediation plans are delivered to the agreed SLA, engage application managers and asset owners to carry out corrective actions.
Identify potential improvement areas for vulnerability response and shared learned lessons with teams and stakeholders.
Take accountability to ensure adherence with Security and Compliance policies and procedures.
Stay up to date with the latest security threats and vulnerabilities, proactively recommending mitigation strategies.
Develop and maintain documentation of related process and best practices.
Implement security policies, procedures, and standards to ensure the confidentiality, integrity, and availability of cloud resources from technical vulnerabilities.
Provide security awareness and training to teams on security practices and vulnerability related processes.
Be flexible with work schedules (including support outside standard business days/hours) to coordinate emergency response for high-risk vulnerability remediation with relevant stakeholders. Drive identification of root causes and prevention of recurrences.
Collaborate with various stakeholders from security operations, architecture, cyber, SOC, and application teams to achieve technical risk reduction goals.
Defines remediation activities for security assessment gaps as they pertain to IT Security Management

Key performance indicators:

Stable, compliant, secure, and cost-effective operations measured by Availability, Performance, Capacity, Security Metrics -Responsiveness and Recovery Speed of critical incidents/issues in business -Learning Agility, ability to evaluate and launch new services and capabilities -Productivity gains and defect reduction through continuous improvement -Automation led Security Operations Services -Integration of Applications and Infrastructure into Centralized Security Platforms
Flexibility to support vulnerability response remediation with sense of urgency.
Technical expertise proven in identifying, reviewing, and improving vulnerabilities.
Ensure Application/project satisfied with the risk, security, and remediation advisory.
Reducing the number of vulnerabilities by adapting remediation wherever possible
Cross skill collaboration and feedback from the various stake holders

Minimum Requirements:
Work Experience:

8+ years of overall working experience in information security preferably in Application Security and Vulnerability management domain.
At least 3+ years in handling security vulnerability response and remediation or SOC, coordinating with relevant stakeholders, and implementing corrective/preventive actions.
Experience performing passive discovery and active testing of network or application vulnerabilities for validating external threat landscape to Novartis assets.
Risk.
Accountability.
Strong cross functional leadership.
Relationship Management.
Strategy Development.
Operations Management and Execution.
Collaborating across boundaries.
Project Management.
Interactions with senior management.
People Leadership.
V ulnerability management, response and technical assessments
Threat research and correlation with vulnerabilities

Skills:

Strong security knowledge top security vulnerabilities, threat correlation, host/NW controls, mitigations, leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk.
Understanding of relevant industry technology environments and their in-depth information including operating system, protocols, services, applications, configurations, and firmware to review and consult on vulnerabilities.
Experience with security vulnerability detection tools for network, applications, web services, databases, containers, code security, cloud services, NW devices, etc.
Hands-on experience monitoring threat intel for high-risk vulnerabilities, finding ownerships, handling shadow IT asset scenarios, sensitizing teams for security remediation, performing tests for technical vulnerability confirmation, etc.
Knowledge of security patching, technical debt, SW patching, and relevant domains.
Escalation.
Information Security Audit.
Information Security Risk Management.
Quality Management.
Root Cause Analysis (Rca).
Sec Ops (Security Operations).
Vendor Management.
Persuasive communication skills