Associate Director at LTI
L&T Infotech - Information Security Role - Risk/Audit (14-20 yrs)
LTI Intro :
LTI (NSE: LTI) is a global technology consulting and digital solutions company, helping more than 250 clients succeed in a converging world. With operations in 27 countries, we go the extra mile for our clients and accelerate their digital transformation with LTI's Mosaic platform enabling their mobile, social, analytics, IoT and cloud journeys. Founded 20 years ago as a subsidiary of the Larsen & Toubro group, our unique heritage gives us unrivalled real-world expertise to solve the most complex challenges of enterprises across all industries. Each day, our team of more than 20,000 LTItes enable our clients to improve the effectiveness of their business and technology operations, and deliver value to their customers, employees and shareholders.
For more details please visit our website www.lntinfotech.com
Purpose of the role :
- Lead and Manage Security compliance audit assurance programme for the client accounts to support all compliance audit and certification reviews in line with client contractual commitments and enterprise policies & standards
- Liaise with organization technology security policy, ISO 27001, Data privacy and requirement to remediate new and outstanding issues; track security-related issues.
Position reports to : Chief Information Security Officer (CISO)
Main Responsibilities :
- Responsible for validating compliance to enterprise controls and client mandates of all info security, network, data security and data management controls across all locations for client account
- Own and deliver all security related audits and Certifications
- Proficient in security compliance assurance programme implementation with a defined calendar schedule for assurance review / audit
- Strong presentation skills to demonstrate client account level compliance to enterprise security & monitoring controls and client contractual commitments from compliance perspective
- Ensure security gaps identification, assessment, quantification, reporting, communication, mitigation and monitoring
- In-depth knowledge of security compliance and assurance concepts including risk assessment, risk acceptance process, vulnerability management, etc.
- Revise and develop processes to strengthen the current Security Assurance Framework; review policies & client contractual documents to highlight the challenges/dependencies in managing SLAs
- Creation of reports, dashboards, metrics for security compliance & assurance operations and presentation to CISO and enterprise leadership
- Oversee and / or conduct information security audits as per internal defined schedule and support facilitation of client / certification audits.
- A bachelor's/master's degree required.
- CISA, CISM, CRISC, CISSP is an advantage.
- Experience of at least 14 years in the Information Security domain.
Functional Skills :
- Strong understanding of Security Compliance and Risk Assurance.
- Strong knowledge of risk assessment, security incident management, compliance audits, security metrics
- Sound knowledge of ISO 27001:2013; knowledge of NIST 800-53 and NIST Cybersecurity Framework
- Working knowledge of industry standards such as SOC1/SOC2, CIS
- Working knowledge of privacy standards such as GDPR/CCPA