Experience:
- 8-12 years of full-time relevant experience in Information Security.
- Exposure to end-to-end implementation of the ISO 27001:2013 Information Security Standard, leading to certification, in the IT / ITES / banking and financial services industry.
Responsibilities:
- Interact with clients, business teams and suppliers, and ensure a resilient security organization.
- Support the CISO in driving security initiatives.
- Develop, implement, maintain, review and continually improve Information Security (including Information Security Continuity and Privacy) standards, procedures, controls, guidelines and related documented information, and integrate them into the Quality Management System.
- Implement a security training programme. Conduct security induction, training and awareness sessions throughout the organization.
- Conduct information security risk assessments and independent risk-based internal audits, taking into account client contractual, business, standard, and applicable legal and regulatory requirements.
- Manage and maintain a risk register / risk database along with risk treatment plans.
- Monitor, review and verify effective closure of audit findings and issues reported by interested parties.
- Ensure conformity to the ISO 27001 standard and business security standards, fulfilment of client contractual security obligations, and compliance with applicable legal and regulatory requirements, including as those requirements change.
- Effectively manage changes to the information security management system and to information processing facilities.
- Represent the function during client and prospective-client due diligence, client-outsourced audits, and internal and external audits.
- Effectively manage information security incidents, events and weaknesses.
- Liaise with suppliers: ensure security and business continuity requirements are agreed with them; monitor, review and audit key suppliers; and manage supplier security risks.
- Manage day-to-day, end-to-end security operations.
- Monitor and review information security processes, including technical compliance reviews of IT assets, end-user devices and endpoints, and carry out independent reviews of information security.
- Build and effectively manage a competent team.
Requirements:
- Mandatory – Certified ISO 27001:2013 Lead Implementer / ISO 27001:2013 Lead Auditor / ISO 27001:2013 Internal Auditor.
- Good to have – Other security, business continuity, risk, privacy, lean and agile certifications.
- A customer-service mentality with a focus on agile, project management and risk-based thinking.
- Thorough implementation knowledge of ISO 27001, ISO 27002, ISO 31000 and ISO 9001 standards.
- Ability to translate and interpret technical vulnerabilities and threats into risk statements that can be discussed with interested parties.
- Ability to articulate the impact of non-conformity with security processes and procedures and of non-compliance with legal and regulatory requirements.
- Experience integrating management systems, with excellent documented-information skills.
- Working knowledge of other security regulations, standards, frameworks and methodologies relevant to the security, banking and fintech industries (SOX, SOC 1, SOC 2, SOC 3, PCI DSS, ISAE 3402, IT General Controls, Internal Controls, IT Act, GDPR, etc.), and readiness for ISO 27002:2022 and the Data Protection Bill, 2021.
- Working knowledge of relevant GRC / security and data protection tools.
- Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
- Good understanding of secure coding, secure system engineering principles, network and security architecture, secure data centers, product security and cloud security.
- Good understanding of physical and environmental security.
- Thorough working experience in conducting independent internal and supplier audits.
- Soft Skills – People Management, Negotiation, Communication, Time Management.
- Personal effectiveness – ethical, open-minded, diplomatic, observant, perceptive, versatile, tenacious, decisive, self-reliant, able to act with fortitude, open to improvement, culturally sensitive and collaborative.