Job Description:
Primary Responsibility
Primarily responsible for:
- Planning, creating, establishing, managing, monitoring and serving as a subject matter expert in leading the Enterprise-wide Information Security Risk framework
- Developing policies, standards and procedures necessary to ensure company compliance with all applicable law and regulations.
- Developing and reporting information security risk metrics, including Key Risk Indicators
- Maintaining the Acceptable Risk Document (ARD)
- Facilitating both internal and external audits and customer visits, and actively project-managing the remediation of audit findings.
- Responding to Client RFPs and Questionnaires on Security and managing key client audits.
Performance Parameters
- Compliance to Information Security policies, standards and processes
- Client relationship management (facilitate external audits, PCI DSS, ISO 27001, customer audits)
- Risk Metric reporting - Manage and develop an information security risk dashboard to track IS risk assessment activities, remediation efforts, and consolidated risk metric reporting.
Role Responsibilities
- Responsible for planning, creating, establishing, managing, monitoring and serving as a subject matter expert in leading the Enterprise-wide Information Security Risk framework;
- Manages the process and conducts information security reviews across multiple internal business units and enabling functions, external third parties, partners and systems.
- Develops policies, standards and procedures necessary to ensure company compliance with all applicable law and regulations.
- Leads the development of risk management strategies through the identification, quantification and mitigation of risk that can impact the organization.
- Manages the communication with senior management, internal business units, and external and internal auditors.
- Leads the development and reporting of information security risk metrics, including Key Risk Indicators.
- Manages and develops an information security risk dashboard to track IS risk assessment activities, remediation efforts, and consolidated risk metric reporting.
- Stays informed about the latest security threats and vulnerabilities. Reviews information security policies, procedures, network diagrams and other relevant documentation;
- Determines and documents information security risks and suggests controls necessary for the protection of sensitive information.
- Chairs the information security working groups
- Coordinates and presents security review findings to the Enterprise Security team.
- Conducts information security training and awareness sessions.
Primary Internal Interactions
- Technology Group
- DRP / BCP teams
- Corporate functions viz., Internal Audit, HR, Facilities, Finance, Legal etc.
- Business Units i.e. TTL, Insurance, Analytics etc.
Primary External Interactions
- Client/Client Auditors
- Third Party suppliers and service providers
- Security product and service vendors
Qualification
Bachelor's degree in information technology or computer science related field.
One or more of the following certifications are desirable:
- CISA - Certified Information Systems Auditor
- CISSP - Certified Information Systems Security Professional
- CISM - Certified Information Security Manager
Strong knowledge of information security frameworks (NIST, ISO, HITRUST).
Experience: Ten years plus of related experience in Management positions or in a consulting role with a broad view of operational processes.
Ability to understand requirements and business drivers and priorities, and integrate these requirements into overall security design.
Competencies
- Auditing and Risk Management experience.
- Strong domain understanding of offshore technology sectors and / or business operations
- Strong analytical and quantitative skills
- Ability to maintain and develop peer, customer and partner relationships
- Ability to develop security strategies consistent with business core values
- Ability to interact effectively with senior executives
- Strong time management skills and experience, including ability to manage multiple time dependent projects in parallel and on short deadlines
- Excellent written and verbal communication skills, including development and delivery of concise, effective presentations
- Exceptional interpersonal and team-building skills with experience in matrix and remote management
- Strong project and process management skills
- Ability to document and explain technical details in a concise & understandable manner
- Excellent Presentation & Public speaking skills
- Ability to work independently in a self-directed manner and collaboratively as a team leader or member.
Other duties as assigned