iimjobs

Posted By

Job Views: 231
Applications:  68
Recruiter Actions:  18

Posted in

IT & Systems

Job Code

1594627

Hiring for Leading NBFC Company as Lead - Information Security in Mumbai

Experience:

- Minimum 10 years of proven experience in Information Security, with a strong focus on:

- Vendor risk assessments, cloud security (AWS, Azure, OCI), regulatory compliance

- Business Continuity Planning (BCP) & Disaster Recovery (DR)

Extensive experience in:

- Security audits

- Policy and framework development

- Incident response and emergency protocol management

Technical Skills:

- Hands-on expertise in cloud security management across platforms such as AWS, Azure, or Oracle Cloud Infrastructure (OCI).

- Familiarity with risk management frameworks and compliance standards (e.g., ISO 27001, NIST, etc.)

- Handle the technical information security aspects of the NBFC, including information security tools, application security testing, infrastructure security testing, technical security compliance and cloud security controls. The role defines, implements and monitors security controls for the organization's IT assets.

- Third-party Risk Management: Review the risk assessments of third-party vendors, ensuring compliance with security standards and mitigating potential threats.

- Application Security Testing: Review technical assessments (code review, application security and vulnerability assessment) of partner and internal infrastructure.

- Data Security: Review access controls, encryption, and Data Loss Prevention (DLP) controls to safeguard confidential data. Review the security controls implemented for cloud environments and services.

- Internal & External Regulatory Audits & Compliance: Lead internal and external regulatory audits to assess the effectiveness of security controls and vulnerability assessments, ensuring compliance with relevant standards and regulations. Organize Information Security Committee (ISC) meetings with Senior Management.

- Information Security Awareness & Emergency Response: Ensure Information Security awareness for all employees and vendor staff. Conduct tabletop exercises to discuss various business disruption scenarios for Senior Management.

- Security Operations Centre (SOC) monitoring: Monitor and close security alerts raised by the centralized SOC and vulnerabilities observed in the infrastructure and networks. Monitor and close brand protection and dark web alerts.

- Security tools implementation & monitoring: Security architecture review, network review, and implementation, monitoring and support of various security tools (PAM, Guardicore, DAM, DLP, EDR, VAPT, etc.) as per the organizational requirements.

Preferred Qualifications:

Professional Certifications such as:

- CISSP (Certified Information Systems Security Professional)

- CISM (Certified Information Security Manager)

- ISO 27001 Lead Auditor

- ISO 22301 Lead Auditor

- CISA
