Karbon Card
2 months ago
Job Description
Position Summary :
The Information Security Officer is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
The Head of IS responds to incidents, establishes appropriate standards and controls, manages security technologies, and directs the establishment and implementation of policies and procedures.
Build security architecture aligned with the business goal.
Key Responsibilities :
Strategic Leadership :
- Develop and implement a strategic, long-term information security strategy and roadmap to ensure that information assets are adequately protected.
- Establish and maintain a framework to ensure that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.
Risk Management :
- Identify, assess, and prioritize information security risks and implement mitigation strategies.
- Develop and maintain an information security risk management program that includes threat modelling, vulnerability assessments, and risk assessments.
- Monitor and report on risks and the effectiveness of risk management processes.
- Conduct Business Impact Analysis and build BCP and DR by aligning with each department.
Policy Development :
- Establish, maintain, and enforce a group-wide information security management program to ensure that information assets are adequately protected.
- Develop, implement, and maintain policies and procedures that govern the security of data and information systems.
Incident Response :
- Lead the response to security incidents, including the investigation of violations and the implementation of corrective actions.
- Develop and oversee incident response planning, as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches.
Compliance and Governance :
- Ensure compliance with relevant legal, regulatory, and contractual requirements.
- Oversee the development and implementation of security programs that address security objectives, including audit reviews, risk assessments, vulnerability assessments, and compliance assessments.
Technology Management :
- Evaluate new security technologies and make recommendations for adoption.
- Oversee the selection, implementation, and operation of information security technologies.
- Direct and approve the design of security systems.
Team Leadership :
- Build, develop, and manage a high-performing information security team.
- Provide leadership and mentoring to the information security staff.
- Manage security budgets and monitor costs, ensuring they are within budgetary limits.
Collaboration :
- Work closely with other executives to prioritize security initiatives and spending based on appropriate risk management.
- Collaborate with internal and external auditors to ensure compliance with policies and controls.
Training and Awareness :
- Develop and implement a security awareness program to educate the organization on security best practices and policies.
- Conduct training sessions for employees on various aspects of information security.
Audit Planning and Execution :
- Strong ability to design and implement audit plans, ensuring thorough assessment of security controls.
Qualifications :
Education : Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
Experience :
- Minimum of 10 years of experience in information security and IT risk management, with at least 5 years in a Team Management / leadership role.
- Proven experience in developing and implementing information security strategies and programs.
- Experience in ISO 27001, SOC 2 Type I, and SOC 2 Type II audits.
- Proficient in control assessment, audit planning, and :
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CISA or similar certifications are highly desirable.
Skills :
- Strong knowledge of information security management frameworks (e.g., ISO/IEC 27001, NIST).
- Knowledge of information security regulatory requirements under laws such as GDPR, DPDP, IT Act 2000, CICRA and the various US data privacy laws is preferred.
- Strong communication skills, with the ability to convey complex information security concepts to non-technical stakeholders.
- Extensive experience in security policy development, risk management, and incident response.
- Excellent leadership and management skills, with the ability to lead and motivate a team.
- In-depth understanding of the latest security principles, techniques, and protocols.