Kirtane & Pandit LLP - Senior Manager - Information Security

Designation: Senior Manager- Information Security

Working Days: 5 days

Work Mode: Onsite

Job description:

As a Senior Manager of Information Security, you will play a pivotal role in leading and managing a team of skilled information security professionals. This role demands a comprehensive understanding of IT Governance, cybersecurity strategies, risk management, audit methodology and the ability to provide expert guidance to clients.

The person must have hands-on 3 years of experience in performing IT audits, SOC2, ISO 27001/ BCP implementation, risk assessment in initial years of career. The person should be of consulting background. You will be responsible for overseeing the delivery of high-quality information security consulting services, ensuring that client expectations are not only met but exceeded.

Responsibilities:

1.Leadership and Team Management:

- Lead and inspire a team of information security consultants, fostering a collaborative and innovative work environment.

- Provide mentorship, guidance, training for team members.

- Update the team about evolving cybersecurity threats and technologies, new audit methodology and tools

2.Client Engagement:

- Work closely with clients to understand their business objectives and tailor information security solutions to meet their specific needs.

- Serve as a trusted advisor to clients, providing strategic insights on information security best practices, risk management, and compliance.

- Meet the clients at the time of kick off and on periodic visit during the project duration

- Update the clients about new threats impacting their environment, regulatory guidelines.

3.Project Management/ Audit Planning

- Develop and execute IT/system audit plans/ project plan in alignment with organizational objectives and regulatory requirements

- Oversee the planning, execution, and delivery of information security consulting projects within scope, budget, and timeline.

- Guide or perform detailed examinations of IT systems, processes, and controls

- In case of audit, maintain comprehensive and accurate audit documentation, prepare clear and concise audit reports outlining findings, risks, and recommended remediation actions and communicate audit results to management and relevant stakeholders

- Implement project tracking tools and submit the status report to senior management on regular basis.

4.Technical Expertise:

- Stay abreast of the latest trends, vulnerabilities, and technologies in the information security landscape.

- Stay update with new regulatory/ legal requirements

- Prepare expert note on new changes for internal purpose skill upgradation

- Working knowledge of Global Standards (Like ISO 27001, 27701,31000, 22301), Frameworks (NIST etc) Certifications,

5.Risk Assessment and Mitigation:

- Conduct risk assessments to identify potential vulnerabilities and recommend appropriate mitigation strategies.

- Collaborate with clients to develop and implement effective risk management programs.

6.Policy and Compliance:

- Assist clients in developing and implementing information security policies, procedures, and guidelines.

- Ensure compliance with relevant industry regulations and standards.

7.Communication and Reporting:

- Communicate complex technical concepts to both technical and non-technical stakeholders.

- Prepare and present comprehensive reports to clients and senior management.

Desired Candidate Profile:

- Extensive experience (5-8 years) in information security consulting or a similar role.

- Professional certifications such as CISSP, DISA, CISM, or CISA are highly desirable.

- Strong leadership and interpersonal skills with a proven ability to manage and motivate a diverse team.

- Excellent communication and presentation skills.

- In-depth knowledge of Audit standards, cybersecurity frameworks, standards, and best practices.

Experience required: 5-9 years