Information Security

**About us**:
Thoucentric is a niche management consulting firm focused on helping organizations overcome business challenges, maximize growth & overall performance through effective problem solving, efficient people, process and technology solutioning, end to end execution and management.

We have been certified
**Great Place to Work **by AIM
** **and have been ranked as
**"50 Best Firms for Data Scientists to Work For"**

We help clients with Business Consulting, Program & Project Management, Digital Transformation, Product Management, Process & Technology Solutioning and Execution including Analytics & Emerging Tech areas cutting across functional areas such as Supply Chain, Finance & HR, Sales & Distribution.

We are a group of seasoned professionals having diverse industry, solution and product experience thereby making us effective business liaisons.
**We are 400+ consultants strong coming with strong diverse background fueling our growth story in India and across four other global locations viz. US, UK, Singapore and Australia.**

At Thoucentric, we work on various problem statements.
- The most popular ones are
- ** Building capabilities** that address a market need, **basis our ongoing research **effort.**
- ** Solving a specific use case** for a current or potential client **based on challenges on-**ground.**
- ** Developing new systems **that help be a better employer and a better partner to clients.
- All of these need the **best of minds to work on them day-to-day;** and **we do exactly that**
- Your c**ontribution to organization development is as important** as outward facing consulting.
- ** We are invested in both, employee growth and client success**

**About the Role**:

- This position is responsible for establishing and maintaining a corporate wide information security management program to ensure that information assets are adequately protected.
- The position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
- Strategic Support and Management
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality, and availability of information is owned, controlled, or processed by the organization.
- Develop, maintain, and publish up-to-date information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
- Create, communicate, and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers.
- Develop and manage information security budgets and monitor them for variances.
- Create and manage information security and risk management awareness training programs for all employees, contractors, and approved system users.
- Create a framework for roles and responsibilities regarding information ownership, classification, accountability and protection
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.

Security Liaison
- Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required.
- Manage security issues and incidents, and participate in problem and change management forums. Ensuring timely reporting and adequate participation in investigation for ICT security incidents
- Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
- Work with the IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.

Architecture Support- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirement

**Requirements**:
**Education qual