Manager - Information Security
Job Title: Manager - Information Security
Roles and Responsibilities:
- Ensure compliance with regulatory requirements for Information and Cyber Security.
- Identify and develop the InfoSec Policy, Processes, & Procedures to incorporate the industry benchmarks / best practices and the latest trends.
- To identify, track, monitor & ensure compliance with InfoSec Policy, Regulatory, Legal & Audit requirements.
- To develop & manage InfoSec Training & awareness.
- Work with respective stakeholders to ensure that the Policy/Procedures, regulatory, legal & audit requirements for Information & Cyber Security are understood and implemented on a continual basis.
- Monitor & track the compliance to all relevant processes/practices to ensure that they are followed as desired.
- Liaise with internal and external Security Audits & Assessments - VAPT, GDPR/ISO 27001 compliance.
- Establish a continual improvement process to mitigate identified gaps & improve overall maturity to provide adequate assurance.
- Establish security metrics based on agreed KGIs/KPIs to monitor & track compliance.
- Escalate deviations and violations in a timely manner.
- Remain updated with latest security trends and related regulatory & legal requirements.
- To maintain the required security posture for cloud security, primarily AWS & Azure.
- To maintain & improve code security & DevSecOps practices.
- To maintain & improve endpoint security by bringing in DLP and data classification practices.
- To review and improve email, apps & network security.
- To run periodic phishing campaigns.
Key Skills and Qualifications:
- Bachelor of Engineering/Computer Science or equivalent from a recognized University.
- The ability to interact efficiently with peers and customers is required.
- 7-9 years of relevant experience in establishing & managing InfoSec Governance & Compliance.
- Should have sound knowledge & experience in developing Enterprise Framework, Policies and Processes by adopting Industry Best Practices & Standards like ISO27001, and Regulatory Guidelines.
- Should have strong analytical and communication skills.
- Should have sound knowledge, experience & understanding of Compliance Management.
- Should have the ability to develop, effectively measure, and present Dashboard/reports with or without GRC tools.
- Should have experience in developing InfoSec awareness program and rendering InfoSec awareness sessions.
- An individual with 2-3 years of IT experience in networking would be preferred.
- Candidate with professional security certificates like CISA, CISM, ISO27001 Lead Auditor would be preferred.
- Good understanding of cloud security, AWS, and Azure is a must-have.