Client Domain: Fintech / Financial
Job Title: Manager /Sr Manager Information Security
Based at: Gurgaon, Haryana
Position reporting to: Head IT
Salary: Up to 20 LPA
Job Description
Job Purpose - Being integral part of client core IT team, responsible for: Information security management; Operational risk management; Cloud Infrastructure & Application security; Network & data security; IT Vendor Risk management; IT Risk, audits & quality assurance; ITIL, ISO 27001 & ISMS implementation.
Key Responsibilities:
1. Managerial Responsibilities
- Interact regularly with key business functions to Own, drive and oversee development and implementation of risk assessment framework & InfoSec maturity enhancement across organization
2. Functional Responsibilities
- Build, maintain and ensure adherence to the IT & InfoSec Risk & Compliance framework and monitor the processes, policies, procedures and standards applicability, effectiveness and efficiency.
- Experience on various IT service management standards such as ITIL and IS management standards like NIST, ISO 27001, ISO31000 and ISO22301
- Ensuring governance to the Organization's Information Security Policy and Standards across all Business units and support functions based on ISO27001 and other mandatory checks.
- Processing continual improvement of documented IT, InfoSec & ISMS processes from a risk perspective
- Respond to departments execution, goals and objectives assuring processes, policies and standards provide measurable results while complying with business goals and regulatory requirements
- Work along with-it team in monitoring risk management processes and collaborating for any required remediation, co-ordination of IT responses to internal and external audit
- Ensuring an appropriate level of risk oversight is provided over outsourcing partners and other strategic suppliers, in particular the infrastructure, application and operational services providers, as required by group standards
- Develop reports for the executive audiences on standards governance activities and assist management in monitoring IT audit remediation efforts
- Design, implement and manage cyber threats detection and protection solutions (technologies/processes/SOC etc.)
- Design, implement and manage threat response process and drive security forensic investigations as required
- Manage Moody's audit, all external audits by coordinating with the Third parties, regulators and external auditors
- Experience in Infrastructure, network security, application & mobile security, malware analysis
- High level of experience maintaining security of the infrastructure, services and capabilities including cloud, firewall, switch & routers, application & network architectures with VPN and MPLS.
- Experience in IT general security controls compliance experience including requirements traceability, change management governance, evidence gathering, self-audits, auditing and monitoring tools.
- Experience in threat management, vulnerability Assessment /Penetration Testing Tools
- Managing Information Security Projects: requirement gathering, co-ordination, Creation and maintenance of Project Plan, Project documentation, Implementation & effective knowledge transfer
- Developing and Delivering security awareness training sessions to the existing employees and to the new joiners in the organization
- Provide timely and accurate InfoSec & ISMS related reporting (monthly, quarterly and ad-hoc) for key stakeholders
- Report daily, weekly and monthly as per project requirements
- Ability to multitask and work well under pressure
Qualifications:
- BE/BTech/ MCA Computer science, Information Technology or related field with 10-12 years of experience excellent communication and coordination skills
Functional Competencies:
- Thorough knowledge of Information Security, ITIL & ISMS framework
- Preferred experience with Financial services or IT Risk consulting firms.
- Experience of facing audit teams
- Knowledge of assets, SW license and user profile management
- Good to have industry certifications related to information security such as CISSP, CISM, CISA & ISO27001
- Good to have knowledge of PCI DSS V3
- Experience of Networking, Firewall, Routers, Switches
Behavioural Competencies:
- Excellent customer engagement, collaboration and interpersonal skills
- Excellent verbal and written communication skills to interact effectively across all levels from individual contributors to C-level executives
- Ability to articulate their thoughts and ideas clearly
- Crisis, conflict management and issues management skills
- Ability to influence without authority
Didn’t find the job appropriate? Report this Job