Posted By

Freeda

General Manager Executive Search at Randstad India Pvt Ltd

Last Login: 22 December 2023

Job views: 881

Applications: 48

Recruiter actions: 1

Posted in: IT & Systems

Job Code: 141601

Information Security Risk Management

7 - 15 Years, Bangalore
Posted 10 years ago

The organization and promoting the business advantages of managing information security risks more efficiently and effectively.

- Drive Data Blueprinting initiative in order to achieve the data protection objective and strengthen the data governance processes for critical and sensitive enterprise data.

- Offer Subject Matter Expertise to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security policy and control frameworks, applicable regulations and emerging security risks.

- Keep abreast of the latest developments in security and privacy legislation, regulations, advisories, and alerts in various industry verticals across the globe affecting the business environment, and identify emerging legal and regulatory risks.

- Review all current and proposed regulatory changes, ensure they are analyzed and notified to the business, and ensure that the improvements to policies and procedures required as a result of such changes are properly implemented.

- Develop Information security policies, standards and procedures in collaboration with key stakeholders and governance groups. Administer the dissemination of policies, standards and procedures across the Enterprise.

- Perform periodic reviews of enterprise policies and procedures published in the Information Security Management System based on the ISO/IEC 27000 standards in close collaboration with stakeholders for continuous improvement.

- Support the development of innovative methods and content for delivering the education and training programs on information security and privacy matters for employees.

- Deliver information security risk assessments with the appropriate risk mitigation strategies covering:

a) New and existing enterprise applications

b) Sarbanes Oxley, IT General Controls (ITGC)

c) Cloud initiatives

d) Vendor Infosec Reviews

- Build new Information risk governance framework and standards based on the identified gaps or enhancements in the existing Security processes.

Skills & Experience Required (Candidate Profile):

- Prior experience of at least __ years in InfoSec Risk management is a must.

- Should be an independent contributor

- Good understanding of IT delivery models (shared, cloud), Business processes, Technologies and infrastructure such as Operating Systems, Networking & Applications

- Exposure to industry standards (such as ISO 27001, PCI-DSS, COBIT, SOX ITGC, SSAE 16) and global regulations (such as EU DPA, HIPAA, GLBA) with implementation experience in large enterprise/Service provider environment

- Excellent Communication skills & Self-starter. Job involves taking on challenges/timely deliveries/good coordination with stakeholders

- Networking with industry peers and associations related to risk management domain to share best practices

- Previous experience in Information Security Management systems will be a plus

- Demonstrated ability to influence cross functional teams, clients, team members, management and external groups

Technical Skills Required (only for technical hires):

- CISM, CISSP, COBIT, ITIL Foundation Certifications (one certification is a must)
