30/11 Nishita
Senior Manager at Bayleaf HR Solution


Chief Information Security Officer - BFS (9-15 yrs)

Any Location/Delhi NCR/Noida/Greater Noida/Gurgaon/Gurugram/Faridabad/Ghaziabad/Bangalore/Pune/Mahar Job Code: 1187522

Job Description

Ensure all activities and duties are carried out in full compliance with regulatory requirements and the Enterprise-Wide Risk Management Framework.

The individual holding this job role must be clear on how it directly impacts the success and goals of the supported businesses through the application of CSO strategy to strengthen trust and power business enablement, ensuring all outcomes are delivered to the highest standard to improve the security of the organisation.

Must have experience in

Information Security

Data Security

Application Security

Responsibilities

- Responsible for ensuring the implementation of IT Policies and procedures at the operational level.

- Formalize and conduct vendor risk assessment audits, ensuring identified gaps are addressed.

- Improve and keep internal IT / IS manuals updated with all relevant regulations relating to IT. Periodically review the Information Security Manual (ISM), taking into account business, regulatory, data security, technology and similar considerations.

- Introduce and draft processes/policies based on findings/observations.

- Periodically review IT processes/policies and issue advisory notes to overcome gaps/loops, highlighting the associated risks.

- Introduce new processes/policies based on market studies/surveys relevant to our business and to information/infrastructure security, highlighting risk and necessity.

- Ensure adherence to critical process/policy execution and the availability of audit trails.

- Plan, coordinate, review and manage IT / IS risk assessments, IT audits, and VAPT with relevant stakeholders (internal and external, including vendors).

- Plan, conduct, review and manage periodic IT audits and IT risk assessments (internal and external).

- Responsible for periodic internal and external IT, process, policy, VAPT, and system audit management.

- Conduct regular internal audits in compliance with applicable legal and contractual requirements, ISO 27001 and PCI DSS requirements and the company's internal requirements

- Conduct regular Management reviews and update the management on information security aspects. The MRMs shall also focus on drawing Management's attention to the key areas for required management actions.

- Close audit findings by amending the existing process/policy to close open loops/gaps, or by introducing a new process/policy to close the risk.

- Plan, formulate, coordinate, implement, monitor, and manage the cyber crisis management plan (CCMP).

- Ensure necessary cyber security safeguards are designed and implemented.

- Manage cyber security and related incident reporting to management and the respective regulatory bodies. Responsible for incident management and resolution.

- Provide relevant IT / information security data to partner functions/business as and when required.

BCP / DR:

- Responsible for the formulation, review and monitoring of BCP plans and their implementation.

- Coordinate and conduct BCP / DR drills and present findings.

Basic Qualifications

- Bachelor's Degree in computer science, engineering or related discipline or equivalent experience

- Minimum 10-14 years of experience in complex enterprises in multiple industry verticals across a wide range of technology platforms and security solutions

- Familiarity with common attack patterns, exploitation techniques and remediation techniques will be a plus.

- Experience with service-oriented architectures, private and public clouds, and web services security.

- Excellent communication, work prioritization and analytical skills.

- Result-oriented, high energy, self-motivated

- Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls

Women-friendly workplace:

Maternity and Paternity Benefits
