Senior Manager Information Security

Job Description

As a Senior Manager of Information Security, you will play a pivotal role in leading andmanaging a team of skilled information security professionals. This role demands acomprehensive understanding of IT Governance, cybersecurity strategies, riskmanagement, audit methodology and the ability to provide expert guidance to clients.The person must have hands-on 3 years of experience in performing IT audits, SOC2,ISO 27001/ BCP implementation, risk assessment in initial years of career. The personshould be of consulting background. You will be responsible for overseeing the deliveryof high-quality information security consulting services, ensuring that client expectationsare not only met but exceeded.

Responsibilities:

1.Leadership and Team Management:

Lead and inspire a team of information security consultants, fostering a

collaborative and innovative work environment.

Provide mentorship, guidance, training for team members.

Update the team about evolving cybersecurity threats and technologies, new

audit methodology and tools

2.Client Engagement:

Work closely with clients to understand their business objectives and tailor

information security solutions to meet their specific needs.

Serve as a trusted advisor to clients, providing strategic insights on information

security best practices, risk management, and compliance.

Meet the clients at the time of kick off and on periodic visit during the project

duration

Update the clients about new threats impacting their environment, regulatory

guidelines.

3.Project Management/ Audit Planning

Develop and execute IT/system audit plans/ project plan in alignment with

organizational objectives and regulatory requirements

Oversee the planning, execution, and delivery of information security consulting

projects within scope, budget, and timeline.

Guide or perform detailed examinations of IT systems, processes, and controls

In case of audit, maintain comprehensive and accurate audit documentation,

prepare clear and concise audit reports outlining findings, risks, and

recommended remediation actions and communicate audit results to

management and relevant stakeholders

Implement project tracking tools and submit the status report to senior

management on regular basis.

4.Technical Expertise:

Stay abreast of the latest trends, vulnerabilities, and technologies in the

information security landscape.

Stay update with new regulatory/ legal requirements

Prepare expert note on new changes for internal purpose skill upgradation

Working knowledge of Global Standards (Like ISO 27001, 27701,31000,

22301), Frameworks (NIST etc) Certifications,

5.Risk Assessment and Mitigation:

Conduct risk assessments to identify potential vulnerabilities and recommend

appropriate mitigation strategies.

Collaborate with clients to develop and implement effective risk management

programs.

6.Policy and Compliance:

Assist clients in developing and implementing information security policies,

procedures, and guidelines.

Ensure compliance with relevant industry regulations and standards.

7.Communication and Reporting:

Communicate complex technical concepts to both technical and non-technical

stakeholders.

Prepare and present comprehensive reports to clients and senior management.

Desired Candidate Profile

Extensive experience (7-8 years) in information security consulting or a

similar role.

Professional certifications such as CISSP, DISA, CISM, or CISA are highly

desirable.

Strong leadership and interpersonal skills with a proven ability to manage

and motivate a diverse team.

Excellent communication and presentation skills.

In-depth knowledge of Audit standards, cybersecurity frameworks,

standards, and best practices.

Experience required: 7-8 years

---