Senior Information Security Manager

Position Summary: Sr Manager Information Security Governance

• The Incumbent would be responsible to manage the information security governance, risk, and compliance process.
• Standardize GRC policies, evaluate their impacts, and implement the relevant measure.
• Liaise with Internal Audit, Corporate Compliance, Office of General Counsel and Risk Management to remediate new and outstanding issues; track security-related issues in the electronic GRC system.
• This is a global role engaging stakeholders (at all levels) across geographies like India, Philippines and US.
• Certifications such as CISA, CISSP, CISM, CEH, ISO27001 LA are required (The Incumbent needs to possess at least two certifications).
• Incumbent should be a good effective communicator.
• Information security team is a healthy mix of exuberance, expertise and experience.

Job Functions and Responsibilities:

• Develop and maintain a robust threat intelligence gathering and monitoring plan.
• Review external threat Advisories and determine relevance to organization and design an appropriate response strategy
• Conduct assessment / review of IT processes and recommend action for improving IT governance maturity using reference frameworks like ISO 27001/ ITIL/others.
• Provide reports to senior management for review of information security risks, governance and compliance.
• Keep abreast with latest security and privacy regulations, advisories and alerts.
• Ensure compliance with organizational information security policies and procedures
• Is responsible to manage security incidents and policy exceptions.
• Regular checks of strength and efficiency of security system and provides security expertise for the business unit and function managers
• Conduct IT security awareness through regular publishing of monthly security updates/bulletins and trainings (e.g., brown bags) to improve IT security knowledge of users and IT staff.
• Provide advice and consultancy on security risks and controls.
• Is responsible for keeping an up-to-date map of security risks, latest security and privacy regulations, advisories.
• To participate to internal and external audits, and in liaison with regulatory and market bodies
• Analysis on qualitative and quantitative Risk Approach i.e. Risk Assessment of all assets across group along with Risk Treatment Plan.
• To analyze and assess security risks and their impacts, and implement the relevant measures.
• Coordinates compliance and auditing activities and facilitates migration of non-compliant environments to compliant environments.
• Is responsible to monitor and manage security-related nonconformities

Key Result Areas:

• High Quality Content creation for Information Security Presentations for councils such as MBR, TechOps and ITRC
• Identification and Management of Information Security Risks
• Manage Infosec risks in third party engagements and drive improvements across categories of vendors
• Qualitative review and upkeep of InfoSec Policies and Procedures
• Enhance Employee awareness to make it more engaging and effective.
• Proactive identification of resolution of risks to maintain high InfoSec Posture ratings.
• Track effective set of infosec metrics and drive improvement in security posture.
• Participate in and Respond to InfoSec Audits, Questionnaires and Examinations
• Enhance Incident Management preparedness and drive InfoSec incident management.

Qualifications:

BE / BTech / ME / MTech / MBA with specialized Infosec certifications such as CISSP, CISA, ISO 27001 LI/LA, CISM

• Bachelor of Engineering or equivalent
• 13-15 yrs of experience in the field of Information Technology & Security audits
• At least nine (11) years of Information Systems & Security audit experience
• Extended Knowledge of IT Security.
• Experience in implementing IT controls within the IT governance framework and designing overall governance framework.
• Good Understanding of Risk and Compliance concepts and Tools
• Good communication and documentation skills.

WORK SCHEDULE OR TRAVEL REQUIREMENTS

• 3 PM IST to 12 PM PST
• Travel - Minimal.
• To attend office in-person at the base location as and when required.