Posted By

Charanpreet Tagore

Senior Recruitment Specialist at Think People Solutions Pvt Ltd

Last Login: 31 May 2017

Job Views: 2785
Applications:  51
Recruiter Actions:  9

Posted in

IT & Systems

Job Code

366664

Manager Infosec - Risk & Compliance

7 - 12 Years, Delhi NCR
Posted 7 years ago

JOB DESCRIPTION

Contribute to the organization-wide information security standards and certification programs such as SSAE/ISAE SOC1, SOC2, ISO 27001, PCI DSS, HIPAA and ISO 20000 etc.

Demonstrate advanced knowledge of auditing processes and procedures, and conduct periodic risk-based internal audits and assessments across organization-wide functions and IT systems to highlight potential risk exposures and vulnerabilities and perform risk analysis.

Perform audit planning, coordination and statistical sampling to accomplish audit procedures.

Perform periodic internal audits (testing and walkthrough procedures) of various functions to determine company compliance with the various information security standards and certifications such as SSAE/ISAE SOC1, SOC2, ISO 27001, PCI DSS, HIPAA and ISO 20000 etc.

Recommend revisions to audit procedures to enhance efficiencies. Review internal controls throughout the company by evaluating the adequacy of system controls, and recommend improvements.

Should be able to demonstrate knowledge of IT security in key areas such as Cyber Risks, SIEM, Network Security, Data Centre operations, End user device management, application support infrastructure, IT general controls (ITGC), and frameworks like COBIT and COSO.

Provide advice and take action, where necessary, in response to audit findings and recommendations with respect to information security.

Provide expert advice to the organisation on information risk management. Develop and deploy methodologies for risk assessment and prioritization, risk responses, and risk management capability assessments.

Continuously assess the shortfall between the security measures actually in place and effective and those established at policy level, highlighting deficiencies for remedial action.

Suggest changes to relevant information security policies and procedures for improvement, ensuring that these are compliant with Customer Information Security policies and other legislation and regulations related to information security.

Develop and implement an information security awareness and training programme.

Report regularly to the CISO office on the effectiveness of information security through established metrics.

Stay current with security and security-enhancing technologies and share knowledge with colleagues as needed to enable measures to be implemented where and when necessary or desirable.

Excellent written and oral communication skills, e.g. presentations to top management and audit report writing.

Ability to work well within a team environment and participate in department projects.

Undertake any other duties commensurate with the grading of the post.
