24/07 Pragya Kulshrestha
Recruiter at Unilever

Unilever - Information Security Risk & Governance Manager (5-10 yrs)

Bangalore Job Code: 240794

Job Title : Information Security Risk and Governance

Job Location : Bangalore, India

Department : Information Security

Reports To : Senior Manager, Information Security Risk

Business Context and Main Purpose of the Job

The Information Security Risk and Governance Manager is responsible for maintaining the Information Security risk framework and reporting, supporting the Information Security team to proactively identify and manage information security risks to ensure achievement of objectives and delivery of relevant reporting to senior management and executive.

Maintaining a monitor on the external threat landscape and contributing to key communications and reporting to all levels of the organisation and supporting engagement with the wider business community through provision of materials to inform business users and security champions of risks and requirements.

Key to the role is to support Senior Manager and Director for Risk with multiple stakeholders across IT, Legal and Audit to support operations and compliance to IT Security policies, standards and guidelines and support awareness and training programmes across the business.

CORE ACCOUNTABILITIES:

To support, maintain and ensure compliance to information security policies and standards and to ensure the Information Protection governance framework is operating effectively, including compliance to regulatory requirements and ensuring the Information Protection risk and governance framework is operating effectively.

INFORMATION SECURITY POLICY

- Understand the corporate requirements related to security and regulatory compliance, and ensure these requirements are met through a comprehensive policy framework.

- Support the Senior Manager and Director Information Security Risk in interpreting and identifying impact of key regulatory changes to ensure that Information Security policy is reflective of changing requirements and risks.

- Establish and maintain appropriate mechanisms to monitor and provide assurance of compliance with security policies in order to ensure the confidentiality, integrity, and availability of Unilever's systems and data.

- Ongoing measurement and reporting of compliance to information security policy framework.

- Maintain relationships with key stakeholders across the business and IT in order to drive awareness of, and compliance to, the policy framework.

IMPLEMENT AND SUPPORT INFORMATION SECURITY RISK MANAGEMENT

- Be aware of corporate requirements related to security and regulatory compliance, and align these requirements to information collected from Security Operations, Security Solutions and other metrics towards their integration into Unilever environment to support risk identification

- Proactively engage with the Security Operations and Security solutions teams to support identification, definition and reporting of risks and alignment to risk governance processes in accordance with the risk governance reporting timetable

- Maintain Information Security Enterprise risk register supported by the Information Security Analyst

- Implement and support appropriate security policies in order to ensure the confidentiality, integrity, and availability of Unilever's systems and data.

- Support the Senior Risk and Governance Manager in reporting impact of key regulatory changes to ensure that Information Security policy is reflective of changing requirements and risks

- Monitor for updates to Information security policies on established frequencies.

- Ensure Information Security risks from all sources (Information Security processes, business operations, critical applications, internal incidents, external threat landscape and critical suppliers) are appropriately assessed and lifecycle managed.

- Maintain a monitor of threat landscape and risks, providing input to key communications and reporting

- Establish regular review mechanism for testing the health and effectiveness of the risk management framework

GOVERNANCE AND COMPLIANCE FRAMEWORK

- Support Senior Information Security Risk Manager to deliver and embed the overall Information Security risk and governance framework and ensure it operates effectively

- Maintain and implement the process for company-wide annual policy compliance statements, be the hands-on point-of-contact for effective audits and ensure root cause analyses of audit comments

- Monitor key metrics in order to measure the effectiveness of compliance and highlight risk areas. Support Engagement Manager with engagement with BISO, ITSO and network of code officers to ensure smooth flow of information and status reporting for company-wide compliance.

- Manage effective tracking of remediation plans and escalating risks in a timely manner

- Report and submit for reporting the Information Protection status at pre-determined intervals.

- Manage mechanisms for Information Protection status reporting to deliver assurance to relevant risk governance groups at pre-determined intervals.

- Manage engagement with both internal and external audit processes including the management and remediation of all identified deficiencies.

- Monitor key controls and performance metrics across all aspects of Information Security and ensure reporting is appropriate for all stakeholder groups.

- Support the Senior Manager and Director Information Security Risk in developing, providing and maintaining key reporting to the leadership team and senior executive.

- Produce and maintain key reporting dashboard

THIRD PARTY COMPLIANCE

- Support the 3rd Party Manager to track and monitor third party supplier compliance with Unilever controls and security requirements throughout the contract lifecycle, as required by the 3rd Party Management Framework and integration with the risk management framework

- Support the Third party Risk Manager with monitoring third party access to Key Assets (Crown Jewels) and escalate exceptions to policies, risks within the Governance framework

- Support the Third Party Risk management with development and management of the regular reporting on risk and compliance status of suppliers

ASSET MANAGEMENT

- Support Senior Manager Information Security by maintaining an Information Security Inventory identifying all critical information assets via interfaces with key asset management systems within Unilever

STAKEHOLDER MANAGEMENT

- Develop and manage stakeholder relationships within Unilever and key 3rd Parties, including information security, legal, digital marketing, HR, local data protection officers and other businesses.

- Key point of engagement within the Information Security teams.

ADVISORY

- Offer internal consultancy advice and practical assistance on information security risk and control matters throughout the organisation.

- Work collaboratively with security teams and engagement manager to support communication and guidance to operational teams and businesses

- Support Engagement Manager with the wider business community through support and engagement with the Information Protection Network and provision of material to inform business users and champions of security risks and requirements

Essentials

- Experience in an IT Risk or Governance role.

- Min 5 years hands-on experience in IT Security role with governance responsibilities

- 5 years industry experience working at a middle management level in large complex business environment requiring balanced risk decisions. This experience should also include working on initiatives needing financial acumen, and management of stakeholder pressures.

- Providing risk based security advice and evidence of assessing, identifying and mitigating risk resulting from a KPI based control framework.

- Achieving outcomes and results by influencing the way resources not in your control are utilised as well as in managing them directly

- Implementing and managing IT Security frameworks delivering positive and effective outcome to the business

This job opening was posted a long time back. It may not be active, nor was it removed by the recruiter. Please use your discretion.

Women-friendly workplace:

Maternity and Paternity Benefits
