Roles and Responsibilities:
Information Security compliance management:
- Devise annual compliance & audit schedule
- Run annual compliance programs throughout the year
- Drive a culture of zero non-compliance in IT
- Serve as the front face for all audits carried out on the IT department
- Responsible for SOX and ISO27001 audits
- Manage the SAP GRC audit and the AC & PC related provisions in SAP
- Run security awareness campaigns
- Ensure compliance of all initiatives by design
Information security projects management for identified security projects in the roadmap:
- Prioritize security initiatives in alignment with the information security needs of the business.
- Create business case for the identified security solutions relevant to the business security concerns.
- Develop the implementation requirements based on present architecture and suiting security needs.
- Manage the activity from procurement to implementation and transition to respective operational owners.
Works with IT Operations and Architecture team to:
- Ensure compliance to IT policies in delivery of projects.
- Identify the right solutions for the organization's security posture, linked to the organization's needs
- Implement the solution as per approved plan
Enhancements:
- Review security requirements of other IT projects and initiatives and recommend enhancements.
- Continuously evolve the security roadmap in accordance with upcoming threats
- Automation of security dashboards and compliance management
- Devise Digital security roadmap and maintain it
Knowledge of Cyber Security Automation solutions:
- Security Orchestration, Automation and Response
- Integrated risk management / GRC solutions
Secondary Responsibilities:
- Information security projects management for identified security projects in the roadmap:
a. Prioritize security initiatives in alignment with the information security needs of the business.
b. Create business case for the identified security solutions relevant to the business security concerns.
c. Develop the implementation requirements based on present architecture and suiting security needs.
d. Manage the activity from procurement to implementation and transition to respective operational owners.
- Review SOC operations on a weekly basis and investigate indicators of compromise
- Plan continuous improvement initiatives for perimeter defence systems.
- Participate in compliance and risk management activities
- Maintain Data leakage prevention program.
Skills / Experience Required:
- Skilled in SOX and ISO27001 compliance
- Experience in delivering IT security projects
- Knowledge of security solutions and their integration.
- Knowledge of application security assessment tools and assessment programs.
- Ability to track compliance gaps to closure
- Excellent communication and interpersonal skills
- Knowledge of GDPR and similar privacy compliance requirements
- Able to develop and apply appropriate technical skills
- 10 years of IT experience, with 5+ in information security domains, preferably managing security projects, and hands-on experience with network security solutions.
- Ability to collaborate and work with different partners together for achieving security objectives.
- Security certifications like CISA / CISM / ISO27001 LI or LA
- Team-oriented work approach
Desirable Skills & Experience:
- Experience and knowledge of security solutions for Oil & Gas industry
- Recognized qualification in a project management methodology (PMP or Prince 2 practitioner)
- Leading security qualifications like CISSP / CCNP Security
- Connected to ethical hacking community
Liaison:
The jobholder will be required to liaise with business management to clearly understand the business requirements for security, the risks to the business from different kinds of threat vectors, and possible compliance requirements. Liaising with all levels of personnel to develop and maintain solid working relationships is mandatory.