Kotak Life Insurance
Location
Mumbai | India
Job description
POSITION NAME | Information Security Manager
DEPARTMENT | Information Security
REPORTING POSITION | CISO
OBJECTIVE OF THE ROLE
To manage Information Security Governance, Risk and Compliance Management Program to ensure
. Compliance with Regulatory Requirements
. Pro-actively identifying & providing InfoSec Risks for new Business Requests
. Effectively drive and govern the Information & Cyber Security Program to monitor continuous improvements
KEY RESPONSIBILITIES
. Definition and Revision of Information and Cyber Security Policies, Processes, Standards & Guidelines
. Building & Maintaining Risk Management Program
. Managing Vendor Risk Management Program
. Building and Governance of Information and Cyber Security Assurance Program
. Managing Internal & External Audits and compliance activities
. Handling user requests to proactively identify and provide InfoSec requirements at the initial stage of activity / project (e.g. vendor engagements, confidential data requests, risk assessment etc.)
. Management of Exception Handling Process
. Guide stakeholders for remediation of Information Security observations
. Definition of SOPs / Manuals for Information Security activities
. Identify new initiatives, security controls (technical / procedural) improvement areas in InfoSec Program
. Conduct POCs for new Security Solutions, implementation of new Security Practices / Processes / Controls across organization
. Ensure compliance with Information Security Policies & Processes
. Ensure Team is always audit / compliance ready
. Development & Implementation of User Awareness Program
. Supporting CISO to conduct Information Security Committee Meetings
. Work as a Subject Matter Expert for CISO
. Manage outsourced resources & develop skilled team resources
. Adequate knowledge of VAPT, application security and other security testing
INTERACTIONS
Internal Relations:
IT, Legal & Compliance, PARM, Business Teams, Internal Auditors
External Relations:
Information Security Service Providers / Vendors
IT / Business Team Vendors
Auditors
REQUIRED QUALIFICATION AND SKILLS
Educational Qualifications:
B.E. / B. Tech
Work Experience:
4 to 8 Years of relevant experience in Information Security Activities
Certifications:
CCNA, MCSA, CEH, ISO27001, CISM, CISA, CISSP, etc. (Good to have)
Other skill set:
. Should have good technical knowledge of various platforms / technologies and security controls
. Experience of successfully managing and delivering IT risk and controls assessments
. Should have technical, analytical and problem-solving skills in order to assess requirements, identify potential risks and mitigating security controls, and document residual risk
. Should have good Governance Skills
. Should have good knowledge of ISO27001, IRDA, IT Act, Data Privacy Law & other regulatory requirements
. Experience in implementing regulatory / compliance / policy requirements and ensuring compliance
. Experience in conducting classroom user awareness sessions
. Managing the assigned resources with effective delegation
. Should have Team and Vendor Management Experience
. Should have good communication skills to clearly communicate requirements to technical and non-technical stakeholders from across the business and all levels of seniority