Director at Antrors HR Solutions
VP/AVP - IT Security & Risk Audit - IT & Consulting Firm (15-22 yrs)
Role: VP / AVP - IT Security & Risk Audit - IT & Consulting Firm
Location: Bangalore
- Understand high level requirements from Global, in light of the local firm's needs, and work with the CIO and CFO to budget and plan accordingly
- Manage the assignment of specific responsibilities relating to information security by coordinating with representatives from different parts of the organization with relevant roles and job functions. This would include working closely with others including the RMP, CIO, Physical Security, Legal, PPC, and meeting with them as needed (but at least quarterly) to achieve the objectives of information security.
- Work to ensure that all local IT systems and initiatives are secure and meet published global security requirements, and ensure that they do not conflict with global IT direction/plans.
- Implement new requirements and programs as directed by ITS Global and Regional Security teams.
- Manage and oversee the effective local information risk and security implementation of strategic activities with direction from Global while accommodating any specific local requirements.
- Ensure there is consistent implementation of information security across all parts of the organization.
- Maintain and update country contact information registered with Global Information Protection Group (IPG).
- Implement and enforce Organisation's Global Information Security Policies, Requirements (including those issued as part of special programs and initiatives (e.g. Enhanced Security Program, Cyber Resilience Initiative)) & Specifications together with any other applicable local policies.
- Serve as the single point of contact for all client information security queries and requirements.
- Coordinate inter-firm responses to client queries and questionnaires on information protection topics. Provide answers on behalf of their member firm and work with others to ensure consistent responses from all Organisation's firms that are delivering services to the client (including consulting services).
- Implement information security training that incorporates the key Global AUP topics.
- Implement and maintain a comprehensive, ongoing (at least annual) information risk and security awareness campaign.
- Assess information security risks and provide risk assessment signoff (including new systems acceptance and emerging risks).
- Follow local established processes for responding to security incidents, closely monitoring the situation and escalating to ITS Global in the following instances
- Serve as the single point of contact for all third party provider information security queries and security incidents.
- Complete an annual self-assessment program as requested by ITS Global.
- Carry out an annual internal audit according to the standardized approach provided by Global, based on a set of pre-defined compliance "Key Controls".
- Coordinate and provide information as necessary to support the Global Compliance Review (GCR) Program.
- Address action items resulting from internal audits and GCR, prioritizing the compliance Key Controls.
- Identify and document instances of non-compliance with security policies, and report non-compliance to ITS Global.
- Security incident monitoring and reporting to Global Security Operation Center (GSOC).
- B.Tech / PG with 15+ Yrs experience.
- CISA/CISSP/CIA/CPA Certification preferred
- Strong experience in IT audit, risk and compliance, SOX compliance, and information security compliance.
- Strong IT knowledge in infrastructure technologies (networking, data centers and hosting, virtualization, etc.), application development and support, and emerging technologies.
- Excellent communication skills and capability to effectively work with both "Business" and "Technology" teams.
- The candidate should have in-depth knowledge about various information security issues.
- Hands on experience in managing an Information Security Management System (ISMS) based on ISO27001:2013.
- IT risk management
- Overseeing an organization-wide information security program, which includes Governance, Risk and Compliance (GRC), IT infrastructure security and application security.
- Vulnerability assessment and penetration testing of applications and infrastructure components
- Security incident management
- Strong inter-personal skills and ability to work with CXO level business stakeholders