Senior Manager - Information Security Governance

Key Responsibilities :

- Manage and lead the Information Security governance process including Policy and Standards across the organization

- Manage ISO 27001 ISMS audits and certification program

- Provide oversight on the reporting and assist IT Stakeholders in defining IT strategy, information architecture and other technology directions

- Conduct assessment/review of IT processes and recommend action for improving IT governance maturity using reference frameworks like ISO 27001/ ITIL/others

- Operate and maintain the Information Security Management System (ISMS) of IT services based on ISO27001

- Plan and implement ISMS in key business functions

- Assess and manage information risks enterprise risk management

- Manage Information Security policy and procedure documents, including but not limited to incident response, IT security policy, segregation of roles and responsibilities, audit plans, methodology, risk register, etc

- Develop and institute standards, policies, procedures, guidelines

- Maintain compliance to accreditations/certifications like ISO27001 (surveillance, re certification audits)

- Assist in compliance to policies and all applicable external regulations as required.

- Oversee Security Awareness program at organizational level including the Information Security training programs for staff and work towards continuous improvements.

- Interface with business users, collect their feedback on Information Security performance, and drive improvements

- Provide reports to senior management for review of information security risk and governance

- Keep abreast with latest security and privacy regulations, advisories and alerts.

Requirements :

- Bachelor of Engineering or equivalent

- 10-13 years of experience in the field of Information Technology & Security audits

- At least nine(9) years of Information Systems & Security audit experience

- Experience in implementing IT controls within the IT governance framework and designing overall governance framework using standards like ISO 27001/ITIL

- Understanding and experience with risk and compliance (GRC) concepts / tools

- Working hands-on knowledge of ISO27001, ITIL

- Preferred, exposure to Financial Services industry

- Strong organizational and planning skills

- Excellent communication skills (written, verbal and interpersonal) including effective presentation and training skills to all levels of the organization and the ability to communicate IT risk in business terms; confidence to talk and present to senior leadership

- Effective PC and documentation skills (Excel, Word, PowerPoint, Visio, MS Project etc.)

- Ability to work cooperatively with all levels of staff

- Must be able to take initiative in the interest of company and its customers.

- Good communication/ good attitude, commitment and dedication.

- Excellent documentation skills

- Possesses skills like critical thinking, decision-making, conflict resolution, communication, leadership and problem solving skills.

- Certifications such as CISA, CISSP, CISM, CEH, ISO27001 LA required at least two certifications