Information Security

**About us**: Thoucentric is a niche management consulting firm focused on helping organizations overcome business challenges, maximize growth & overall performance through effective problem solving, efficient people, process and technology solutioning, end to end execution and management. We have been certified **Great Place to Work **by AIM ** **and have been ranked as **"50 Best Firms for Data Scientists to Work For"** We help clients with Business Consulting, Program & Project Management, Digital Transformation, Product Management, Process & Technology Solutioning and Execution including Analytics & Emerging Tech areas cutting across functional areas such as Supply Chain, Finance & HR, Sales & Distribution. We are a group of seasoned professionals having diverse industry, solution and product experience thereby making us effective business liaisons. **We are 400+ consultants strong coming with strong diverse background fueling our growth story in India and across four other global locations viz. US, UK, Singapore and Australia.** At Thoucentric, we work on various problem statements. - The most popular ones are - ** Building capabilities** that address a market need, **basis our ongoing research **effort.** - ** Solving a specific use case** for a current or potential client **based on challenges on-**ground.** - ** Developing new systems **that help be a better employer and a better partner to clients. - All of these need the **best of minds to work on them day-to-day;** and **we do exactly that** - Your c**ontribution to organization development is as important** as outward facing consulting. - ** We are invested in both, employee growth and client success** **About the Role**: - This position is responsible for establishing and maintaining a corporate wide information security management program to ensure that information assets are adequately protected. - The position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. - Strategic Support and Management - Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality, and availability of information is owned, controlled, or processed by the organization. - Develop, maintain, and publish up-to-date information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices. - Create, communicate, and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers. - Develop and manage information security budgets and monitor them for variances. - Create and manage information security and risk management awareness training programs for all employees, contractors, and approved system users. - Create a framework for roles and responsibilities regarding information ownership, classification, accountability and protection - Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls. - Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures. - Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation. - Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action. Security Liaison - Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required. - Manage security issues and incidents, and participate in problem and change management forums. Ensuring timely reporting and adequate participation in investigation for ICT security incidents - Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation. - Work with the IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program. Architecture Support- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools. - Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirement **Requirements**: **Education qual