
Information Security - GRC


KPMG India


Location

Gurgaon | India


Job description

Position – Sr. Executive/ Assistant Manager

Experience level – 3 to 8 years

Job Location – Gurgaon

Key Job Responsibilities:

I. InfoSec Governance role:

· Coordinate with various stakeholders at various office locations across India to ensure compliance and facilitate internal and external audits related to Information Security and Data Privacy, like ISO 27001:2013 and ISO 27701:2019, as well as ITGC (IT General Controls) for applications.
· Facilitate and liaise with various stakeholders to close all audit findings within time
· Undertake periodic compliance reviews of all InfoSec controls against defined policies. Provide periodic status reports to the management on the compliance status of the firm.
· Drive the remediation of control deficiencies
· Develop recommendations and strive for continuous improvement of InfoSec controls environment in the organization
· Assist in designing and establishing new security frameworks for various operational processes
· Responsible for keeping the ISMS policy/ procedure documents of the firm updated, after periodic review or any major changes in processes, and maintaining an up-to-date repository of documents
· Assist in implementation/ enforcement of the security policy/ procedures across the firm
· Lead the information risk assessment across the organization
· Drive InfoSec awareness program across the firm through trainings, awareness mailers, other channels, etc.
· Assist in security process automation initiatives, wherever possible
· Undertake annual Business Impact Assessment (BIA) exercise for IT business continuity, with various functions for identification of critical applications and their RTO/ RPO. Facilitate setup of new applications in IT Disaster Recovery (DR) site. Ensure and facilitate annual IT DR drills.

Data Governance role:

· Roll out enterprise-wide data retention and disposal framework, through implementation of organization policies, processes, related tools and data architecture, to ensure that the data beyond a defined time (which is no longer in use) is disposed of.
· Assist in implementation of retention & disposal framework across IT applications (on prem and on cloud) and end user systems (structured and unstructured data).
· Serve as a liaison between business/ functional teams and IT teams to ensure that data retention framework requirements are met
· Ensure data availability as per the firm’s policy/ requirements – online, archival, backup and redundancy
· Liaise with the IT Infra team to ensure that the required Infra and architecture is maintained to support the above requirements
· Prepare and present periodic status reports/ updates to CISO, CIO and other senior management/ stakeholders
· Help drive continuous improvement and optimization of the processes.
· Assist in streamlining the related operational processes through automation initiatives.

Skill Requirements:

· Bachelor's Degree in IT or cyber security or a related field required; Master’s would be a plus
· Min. 2 years relevant experience (mandatory) of working in cyber security/ information security/ ISMS implementation or sustenance role
· In-depth knowledge (mandatory) of ISO 27001 standard and control requirements
· Knowledge of Data Privacy/ GDPR concepts and controls would be an added advantage
· Experience of performing InfoSec compliance reviews/ gap assessments.
· Prior experience of facing or being part of internal/ external audits related to ISMS or IT General Controls (ITGC) testing
· Strong understanding of IT Infra (mandatory) – storage/ databases, servers, VMs, network components and data structures
· Understanding of structured and unstructured data types
· Conceptual knowledge of data discovery, data retention & disposal, data lifecycle, etc. would be a plus
· CISA, CISSP, CISM, or any other certification related to ISMS/ Information Security would be a plus
· Knowledge of security related technologies (e.g. IDAM, PAM, Patch Management Tools, DLP, Antivirus, Firewalls, etc.)
· Exposure to, or at least a conceptual knowledge of, cloud environment security and VA/PT
· Experience of dealing with all levels of management and across different teams/ multiple stakeholders across regions; and managing conflicts
· Excellent written & verbal communication, and PPT making skills
· Highly independent, with high ethical standards and integrity
· Excellent interpersonal and relationship building skills
· Working knowledge of SharePoint would be good to have

