07/02 Ashu Gupta
Lead Assistant Manager at EXL Service

EXL Service - Manager - Information Security Risk & Management (5-8 yrs)

Noida Job Code: 662154

Job Description :

Position Title, Responsibility Level : Manager

Permanent/ Temporary : Permanent

Function : Global Technology (Information Security)

Span of Control : 1-2

Reports to : Sr. Manager - Information Security

Location : Noida

Basic Function :

Information security risk management, or ISRM, is the process of managing risks associated with the use of information, information systems and information technology. It involves identifying, assessing, and treating risks to the confidentiality, integrity, and availability of an organization's assets. The end goal of this process is to treat risks in accordance with an organization's overall risk tolerance. Businesses shouldn't expect to eliminate all risks; rather, they should seek to identify and achieve an acceptable risk level for their organization.

Essential Functions :

Risk & Policy :

- Responsible for designing and continually enhancing the risk management framework and methodology for maintaining effective risk management

- Conduct Risk Assessments for Client business environments, considering the information workflow, technology threat landscape, and access methodologies

- Conduct Risk Assessments for Enterprise environments, considering the information workflow, technology threat landscape, and access methodologies

- Conduct Risk Assessments for Information Technology environment and solutions

- Conduct Risk Assessments for Suppliers and recommend the onboarding decision

- Design Risk Management Metrics for driving continual improvement

- Design new security policies and review the existing security policies

Primary Internal Interactions :

- Organizational Senior Leadership Team - Steering committee, Board, Audit Committee

- Client Business Operations Team

- Suppliers Security Personnel

- Technology Team

- SOC / VAPT / DLP / Malware Analysis / APT Team

- Internal Audit Teams

Primary External Interactions :

- Client Counterparts

- Auditors (Big 4s)

Skills :

Technical Skills :

- Security Risk Identification and Assessment

- Technical Security Risk Assessments

- Knowledge of Encryption, Cyber Threat Vectors, ITGC controls

Process Specific Skills :

- Security Governance, IT Governance, Risk Compliance, IT Security, Lead Audit, System Audit, SOX Audit, Lead System Auditor

Soft skills (Desired) :

- Good Oral and Written Communication skills

- Good Presentation & Public Speaking skills

- Creativity and Problem Solving skills

- Self-motivated and Self-driven

Soft Skills (Minimum) : Same as above

Education Requirements : Graduation


One or more of the following certifications is desirable :

CISA / CISM / CISSP / ISO27001 / CRISC

Work Experience Requirements :

Total Experience : 5-8 years of Information Security experience, including 5-8 years of relevant experience running the Risk Management program at the organizational level in a multinational company.
