Information Security Auditor - Insurance

The role is responsible for articulating and enforcing policies to protect organization information assets against internal and external threat

Key Responsibilities :

Responsibilities :

- To develop and maintain information and cyber security policy, procedures to support organization information security program

- To translate information security program into specific actions which shall include security awareness, security infrastructure, security incident response and risk management

- To work closely with IT and other functional teams and monitor implementation of information security projects and controls for new or identified deficiencies

- To conduct information security risk assessment on an ongoing basis and report any significant risks to ISC

- To Manage VAPT/config audit for IT Infra and application and ensure vulnerabilities are fixed within regulatory timeframe

- To conduct security assessment for new vendors during onboarding and ongoing basis to ensure information and cybersecurity is not compromised

- To manage and maintain BCP/DR including conducting annual drills

- To ensure monthly and Quarterly infosec dashboard are published for Infosec Governance

- To conduct annual internal IT infosec review/annual audit as per IRDAI HR/ JD/ Ver1.0/1 st Feb 2020

Job Requirements :

- Qualifications Preferred MBA with Engineering Background/CA, Risk certifications like FRM/PRM

Experience : 7-9 years of relevant experience

Base skill :

- Understanding of organizational systems, process, and products

Functional Competencies

- Risk prevention and detection-Knowledge of information Security and IT standards (COBIT, ITIL, ISO 27001 etc.). Conversant with IT Security tools

- Risk Management- Certified Risk Professional (CISA, CISSP, CISM, ISACA etc.)

- Regulatory knowledge

- Analytical skills

Behavioral Competencies :

- Collaboration

- Execution excellence

- Growth through differentiation

Business Acumen :

- Key Interactions

- Internal Nature or purpose of interaction

- To work closely with IT for infosec compliance and monitor implementation of information security projects

- Other functions :

- To provide the functions and Users assistance in correcting