profinch

Manager / Senior Manager – Information Security

Experience:

  •  8-12 yrs of full-time relevant experience in Information Security
  • Exposure to end-to-end implementation of ISO 27001:2013 Information Security Standard leading to certification in an IT / ITES / Banking and Financial industry.

Responsibilities

  • Interact with clients, business teams and suppliers; and ensure a resilient security organization.
  • Support the CISO in driving security and security initiatives.
  • Develop, implement, maintain, review and continually improve Information Security including Information Security Continuity and Privacy standards, procedures, controls, guidelines and relevant documented information; and integrate them into the Quality Management System.
  • Implement a security training programmer. Conduct security induction, training and awareness throughout the organization.
  • Conduct information security risk assessments, independent risk-based internal audits considering client contractual, business, standard, applicable legal and regulatory requirements.
  • Manage and maintain a risk register / risk database along with risk treatment plans.
  • Monitor, review and verify effective closure of audit findings and issues reported by interested parties.
  • Ensure conformity to ISO 27001 standard, business security standards, client contractual security obligations and compliance to applicable legal and regulatory requirements and changing requirements.
  • Effectively manage changes to information security management system and information security processing facilities.
  • Represent the function in case of client and prospective client due-diligence, outsourced client audits, internal and external audits.
  • Effectively manage information security incidents, events and weaknesses.
  • Liaise with suppliers, ensure security and business continuity requirements are agreed with suppliers, monitor, review and audit key suppliers, manage supplier security risks.
  • Manage day-to-day and end-to-end security operations
  • Monitor and review information security processes including technical compliance review of IT assets / end user devices and endpoints; and carrying out independent review of information security.
  • Build and effectively manage a competent team.

Requirements

  • Mandatory – Certified ISO 27001:2013 Lead Implementer / ISO 27001:2013 Lead Auditor / ISO 27001:2013 Internal Auditor.
  • Good to have – Other security, business continuity, risk and privacy lean and agile certifications.
  • A customer service mentality with focus on agile, project management and risk-based thinking.
  • Thorough implementation knowledge of ISO 27001, ISO 27002, ISO 31000 and ISO 9001 standards.
  • Ability to translate and interpret technical vulnerabilities and threats into risk statements that can be discussed with the interested parties.
  • Ability to articulate impact on non-conformity to security processes and procedures and non-compliance to legal and regulatory requirements.
  • Integration of management systems with excellent documented information skills.
  • Working knowledge of other security regulation, standards, framework, methodology related to security, banking and fintech industry – SOX, SOC 1, SOC 2, SOC 3, PCI-DSS, ISAE 3402, IT General Controls, Internal Controls, IT Act, GDPR etc. and readiness to ISO 27002:2022 and the Data Protection Bill, 2021.
  • Working knowledge of relevant GRC / security and data protection tools.
  • Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
  • Good understanding of secure coding, secure system engineering principles, network and security architecture, secure data centers, product security and cloud security.
  • Good understanding of physical and environmental security.
  • Thorough working experience in conducting independent Internal and supplier audit skills.
  • Soft Skills – People Management, Negotiation, Communication, Time Management.
  • Personal effectiveness – Possess ethical, open-minded, diplomatic, observant, perceptive, versatile, tenacious, decisive, self-reliant, able to act with fortitude, open to improvement, culturally sensitive and collaborative qualities.
Job Category: Consultant
Job Location: Bangalore Karnataka
Job Type: Full Time

Apply for this position

Allowed Type(s): .pdf, .doc, .docx