Posted By

Prerna Bhatnagar

Partner at Empiezo HR Solutions

Last Login: 30 November 2018

1365

JOB VIEWS

51

APPLICATIONS

1

RECRUITER ACTIONS

Posted in

IT & Systems

Job Code

616603

Manager - Information Security/Compliance - Conglomerate

10 - 14 Years. Gurgaon/Gurugram
Women candidates preferred
Posted 5 years ago

A leading conglomerate is seeking a Manager - Information Security Compliance


Job Description:

Information Security compliance management:

- Devise annual compliance & audit schedule

- Run annual compliance programs throughout the year

- Drive a culture of zero non-compliance in IT

- Front face all audits carried out on IT department

- Responsible for SOX and ISO27001 Audit

- Manage the SAP GRC audit and the AC & PC related provisions in SAP

- Run security awareness campaigns

- Ensure compliance of all initiatives by design

Information security projects management for identified security projects in the roadmap:

- Prioritize security initiatives in alignment to information security needs of business.

- Create business case for the identified security solutions relevant to the business security concerns.

- Develop the implementation requirements based on present architecture and suiting security needs.

- Manage the activity from procurement to implementation and transition to respective operational owners.

Works with IT Operations and Architecture team to:

- Ensure compliance to IT policies in delivery of projects.

- Identify the right solutions for the organization's security posture, linked to the organization's needs

- Implement the solution as per approved plan

Enhancements:

- Review security requirements of other IT projects and initiatives and recommend enhancements.

- Continuously evolve the security roadmap in accordance with upcoming threats

- Automation of security dashboards and compliance management

- Devise Digital security roadmap and maintain it

Knowledge of Cyber Security Automation solutions:

- Security Orchestration, Automation and Response

- Integrated risk management / GRC solutions

Secondary Responsibilities:

Information security projects management for identified security projects in the roadmap:

a. Prioritize security initiatives in alignment to information security needs of business.

b. Create business case for the identified security solutions relevant to the business security concerns.

c. Develop the implementation requirements based on present architecture and suiting security needs.

d. Manage the activity from procurement to implementation and transition to respective operational owners.

- Review SOC working on a weekly basis and investigate indicators of compromise

- Plan continuous improvement initiatives for perimeter defense systems.

- Participate in compliance and risk management activities

- Maintain Data leakage prevention program.

Skills / Experience Required:

- Skilled in SOX and ISO27001 compliance

- Experience in delivering IT security projects

- Knowledge of security solutions and their integration.

- Knowledge of application security assessment tools and assessment programs.

- Ability to track compliance gaps to closure

- Excellent communication and interpersonal skills

- Knowledge of GDPR and similar privacy compliance requirements

- Able to develop and apply appropriate technical skills

- Ability to collaborate and work with different partners together for achieving security objectives.

- Security certifications like CISA / CISM / ISO27001 LI or LA

- Team-oriented work approach
