Assistant Manager - Information Security

Role Overview:

As the security and compliance manager, you will be responsible for identifying and monitoring company risk and helping to ensure compliance with changing regulations and security standards. You will be responsible for building and enhancing SPNI's security and compliance posture, performing internal security audits, responding to security due diligence requests, performing third-party security assessments, and coordinating internal and external annual audits. Reporting to AVP - Infrastructure, the incumbent will be responsible for the overall management of IT Security Management and cloud computing infrastructure. You will be the single point of contact for all Information security related activities/Operations.

Key Accountability & Responsibilities:

- Execution of Information Security management framework for the Company in line with the parent Company's policies and guidelines

- Ensure creation and regular update of Information Security policies, procedures and guidelines based on latest available technologies, processes and employee requirements without compromising on the security of the organization

- Management of security solutions such as Patch Management, Network Access Control (NAC), Mobile Device Management (MDM), Data Leakage Prevention (DLP), endpoint security solutions, Information Rights Management (IRM), IDS / IPS, Firewall, Privilege Identity Management (PIM) Solution

- Development & deployment of effective training of Information security to the end users in the Company

- Review infrastructure and application architecture for security and compliance; provides actionable guidance to ensure secure infrastructure and application architecture posture.

- Analyze, report and provide inputs for avoiding of Information Security breach incidents

- Perform and Management of vulnerability and penetration testing for information systems & assets.

- Provide technical and quality oversight regarding IT risks, controls, and technologies, including ongoing risk assessments, risk decisions, control implementation, evaluation of segregation of duties, and process improvement opportunities. Risk analysis of external partners/vendors.

- Review and investigate compliance with established Information security policies, standards and procedures, assess requests for exception and/or exemption to policy and recommend appropriate disposition

- Coordination with Sony's global IT security team on status updates and resolving the vulnerabilities

- Hands on experience with ISO 27001, SOX and other management standards implementation. Implement/manage compliance framework (SOC2, ISO 27001, GDPR) controls and processes into an actionable, well-understood, and monitorable program where control owners are aware of their ownership of controls.

- Ensures compliance in the areas of SOX, ISO 27001, GDPR, PCI, HIPAA, and other Global Regulations by ensuring IT controls are operating effectively and controls deficiencies are tracked and remediated in timely manner

- Experience working in a security, fraud or risk management function. Interact with the process owners to understand the nature of business, the controls and possible risk

- Responsible for managing internal & external audits and ensure zero / minimum observations

- Assist in the preparation of executive presentations and participate in recurring security governance oversight meetings.

- Experience in working with security and access controls and provisioning in cloud environments such as AWS, GCP, and Azure.

- Experience with Cloud operations and cloud security services, including firewalls, intrusion detection, vulnerability scanning, OS patching, system hardening/health checking

- Facilitate and support the testing of the various DR / BCP plans and report findings of the tests along with suggested remedial actions is a plus.

Qualifications/ Requirements:

- BE Graduate, with a Computer/Electronics background

- Minimum experience of 6+ years in an Information Security role

- Good understanding of information security standards / regulatory requirements including ISO27001, SOX, GDPR etc.

- Industry certification CISA, CISM, ISO 27001, AWS Security Cloud Certifications. CISSP is a plus.

- Knowledge of Data Protection such NAC, MDM, DLP, PIM & IRM

- Good understanding of information technologies including LAN / WAN, firewalls, Antivirus management systems, Patch Management, hardening guidelines etc.

- Experience in working in governance, risk and controls over cloud environments such as AWS, GCP, and Azure is a plus.

Skills & Abilities :

- Excellent communication skills (both written and verbal)

- Effective presentation and should be able to translate and articulate IT risks in business terms

- Excellent documentation skills

Personal Attributes:

- Willing to learn new technologies

- Confident to deal independently with stakeholders across all levels including senior leadership

- Excellent time management, scheduling, and organizational skills

- Should be proactive and show initiative to go beyond defined work deliverables

- Self-motivated, should be to work with minimal supervision

- Self-starter and willing to take on new initiatives and responsibilities

This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.