
JobNob


Employee


Kotak Life Insurance


Location

Mumbai | India


Job description


POSITION NAME

Information Security Manager

DEPARTMENT

Information Security

REPORTING POSITION

CISO

OBJECTIVE OF THE ROLE

To manage the Information Security Governance, Risk and Compliance Management Program to ensure:

. Compliance with Regulatory Requirements

. Proactively identifying & providing InfoSec Risks for new Business Requests

. Effectively drive and govern the Information & Cyber Security Program to monitor continuous improvements

KEY RESPONSIBILITIES

. Definition and Revision of Information and Cyber Security Policies, Processes, Standards & Guidelines

. Building & Maintaining Risk Management Program

. Managing Vendor Risk Management Program

. Building and Governance of Information and Cyber Security Assurance Program

. Managing Internal & External Audits and compliance activities

. Handling user requests to proactively identify and provide InfoSec requirements at the initial stage of activity / project (e.g. vendor engagements, confidential data requests, risk assessment etc.)

. Management of Exception Handling Process

. Guide stakeholders for remediation of Information Security observations

. Definition of SOPs / Manuals for Information Security activities

. Identify new initiatives, security controls (technical / procedural) improvement areas in InfoSec Program

. Conduct POCs for new Security Solutions, implementation of new Security Practices / Processes / Controls across organization

. Ensure compliance with Information Security Policies & Processes

. Ensure Team is always audit / compliance ready

. Development & Implementation of User Awareness Program

. Supporting CISO to conduct Information Security Committee Meetings

. Work as a Subject Matter Expert for CISO

. Manage outsourced resources & develop skilled team resources

. Adequate knowledge of VAPT, application security and other security testing

INTERACTIONS

Internal Relations:

IT, Legal & Compliance, PARM, Business Teams, Internal Auditors

External Relations:

Information Security Service Providers / Vendors

IT / Business Team Vendors

Auditors

REQUIRED QUALIFICATION AND SKILLS

Educational Qualifications:

B.E. / B. Tech

Work Experience:

4 to 8 Years of relevant experience in Information Security Activities

Certifications:

CCNA, MCSA, CEH, ISO27001, CISM, CISA, CISSP, etc. (Good to have)

Other skill set:

. Should have good technical knowledge of various platforms / technologies and security controls

. Experience of successfully managing and delivering IT risk and controls assessments

. Should have technical, analytical and problem-solving skills in order to assess requirements, identify potential risks and mitigating security controls, and document residual risk

. Should have good Governance Skills

. Should have good knowledge of ISO27001, IRDA, IT Act, Data Privacy Law & other regulatory requirements

. Experience in implementing regulatory / compliance / policy requirements and ensuring compliance

. Experience in conducting classroom user awareness sessions

. Managing the assigned resources with effective delegation

. Should have Team and Vendor Management Experience

. Should have good communication skills to clearly communicate requirements to technical and non-technical stakeholders from across the business and all levels of seniority

