Manager - Information Security - IT

Position:Information Security Manager

Location: Mumbai

Job description

Key responsibilities

- Leads the design, implementation, operation and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including certification against ISO/IEC 27001

- Liaison with and implement security governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary. Liaise on information security matters such as routine security activities plus emerging security risks and control technologies

- Leadership and strategic direction for the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security

- Forms a centre of excellence for information security management, for example offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization and promoting the commercial advantages of managing information security risks more efficiently and effectively

- Commissions the preparation and authorizes the implementation of necessary information security policies, standards, procedures and guidelines, as part of the Security Committee

- Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations

- Commissions suitable information security awareness, training and educational activities

- Leads information security risk assessments and controls selection activities

- Liaison with external vendors on annual assessments. Responsible for interacting with external audit teams and ensuring that all necessary evidences are gathered and properly responded to.

Key personal characteristics and competencies of the ideal candidate

- At least 5 years of full-time work experience in information security management and/or related functions (such as IT audit and IT Risk Management)

- Information security management qualifications such as CISSP or CISM

- Absolutely trustworthy with high standards of personal integrity (demonstrated by an unblemished career history, complete lack of criminal convictions etc.), and willing to undergo vetting and/or personality assessments to verify this if necessary

- Hands-on team leadership and management experience, ideally coupled with suitable management qualifications such as an MBA

- Typically a background in technical IT roles such as IT architecture, development or operations, with a clear and abiding interest in information security