Manager - Information Security - BPO

InnoQuest Consulting comprising a Core team of seasoned Talent Acquisition professionals with experience across diverse industries ranging from IT, ITeS, Banking & Financial Services and Telecom with team's core expertise in Mid/ Senior Management & Leadership hiring.

About our client :

Our client is a leading business process and software services provider serving multiple industries with key focus on the financial services industry.

Min. Qualification : Post Graduate in Technology / Science Bachelor in Technology / Science with MBA or relevant professional certification

Skills and Behavioural traits

- Hands on experience of auditing ISO/IEC 27001:2005, ISO 31000, PCI DSS, SSAE 16, GLBA, ITIL

- Clear understanding & knowledge of Information Security, IT security, Data Privacy, BCM & Riske Based Audits

- Experience of project management

- Knowledge of ISO 31000 & cobit

- Presentation skills

- Decision making capability

- Team management

- Analytic capability

- Time management

- Effective prioritization

Essential duties and responsibilities include the following: (other duties may be assigned)

- Managing a team of Information security & risk auditor, grooming them in domain

- End to end security, technical, data privacy & risk based audit lifecycle management and producing quality report in time with recommendation

- Interacting with Functional Management & Internal Client to moderate the activities of the security & risk audit

- Control efficiency auditing and compliance assurance

- Maintaining the GRC Framework including client controls

- Document review gap assessment and document updation

- Identify the ineffective security controls and reporting the same to Head ESRG along with efficient and cost effective control plan

- Evaluating the asset based risk assessment document and conducting the risk assessment workshop

- Maintaining audit control check list

- Conducting audit in-line with ISO, PCI, SSAE 16, DPA framework to assure control adherence and improvement

- Interacting with functional management & internal client to coordinate the activities of the audits

- Serves as an internal information security consultant to the organization

- Documents/review security policies and procedures as per the instruction of ESRG Head

- Create information security awareness within the organization

- Identify new risk to the organization and recommend the controls

- Conducting in house workshops

- Presenting weekly & monthly status report along with dashboard to head ESRG