Posted By - HR, HR Team at Piramal Enterprises Limited

Job Views - 1566

Applications - 60

Recruiter Actions - 0

Posted in - IT & Systems

Job Code - 564108

Piramal - Chief Manager - Information Security

7 - 15 Years. Mumbai
Posted 6 years ago

Industry - IT

Skills - "Information Security"

Job Type - Permanent

Description:


- Practical experience managing multiple large-scale compliance/audit projects simultaneously for compliance regimes such as the IT Act, PCI-DSS Level 1, PCI-PIN and ISO 27001:2013. Coordinating with different stakeholders, working with external ISO 27001 and PCI-DSS certifying organizations, certifiers and IT auditors, and ensuring end-to-end compliance for all functions including IT, HR, admin, finance, operations, software development and legal.


- Ability to set up a SOC (security operations centre) from scratch, along with knowledge of successfully implementing SIEM tools.


- Conduct risk assessments across the functions and present the top risks to management. Create an IT compliance risk assessment framework and periodically assess the regulatory, commercial and organizational, inherent and residual IT compliance risks.


- Ability to design policies, procedures and standards along with information security training programs. Initiates, facilitates, and promotes activities to develop information security awareness within the organization including conducting internet audit training as per ISO 27001 guidelines and PCI-DSS standards.


- A very good understanding of designing and implementing DLP, advanced endpoint security, malware, bots and next-gen firewalls, with exposure to APT solutions, including protecting against ransomware attacks.


- Coordinates the development of the organization's disaster recovery and business continuity plans for information systems, and tests readiness. Create BCP test cases, BCP document and plan.


- Continual improvement process, measurement & tracking of overall ISMS maturity and goals of the organisation.


- Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio.


- Conduct internal audits to measure readiness against company security guidelines and the ISO 27001:2013, COBIT, PCI-PIN and PCI-DSS standards. Plan, schedule & execute internal audits with all stake-owners within the business units.


- Understand application vulnerability concepts, compliance management, patch management, and vulnerability intelligence technology. Good experience in a vulnerability remediation position.


- Ability to create a good incident management and tracking program.


- Strong analytical & troubleshooting skills.


- Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, management and business personnel.


- Ability to lead a team of professionals, and experience with setting up KRAs and performance evaluations as well as keeping the team continuously motivated.


- Should have worked with external third parties, application security vendors and service providers, continuously evaluating their performance and SLAs, along with review of NDAs and contracts.


Mandatory Skills - ISO 2013 & PCI DSS.

Certifications - ISO 27001:2013 Lead Auditor/Implementer, CISSP, CISM, CISA, CEH, PCI-DSS, PCI-PIN, COBIT

Contact - Janice Dsouza -

The Apply button will redirect you to the website. Please apply there as well.
