JobNob

Your Career. Our Passion.

Information Security Manager


Magma HDI General Insurance Company Limited


Location

Mumbai | India


Job description

- Implement information security policies, procedures, regulations, and best practices to ensure the confidentiality, integrity and availability of MHDI information and information assets.
- Implement effective information security controls through assurance programs, risk assessments and InfoSec gap assessments; conduct system audits and third-party assessments / audits; develop violation reports in alignment with the security policy framework; and ensure risks are mitigated on time.
- Ensure the information security framework is implemented as per regulatory guidelines.
- Govern InfoSec processes and the assurance framework.
- Monitor and manage the organization's security operations (SOC).
- Review and ensure enforcement of information security policies, standards, procedures and guidelines to support the organization's information security program.
- Work closely with IT and business functional teams on vendor assessments, application security reviews, implementation of information security projects, and controls for new or identified deficiencies.
- Identify current and potential legal and regulatory issues affecting information security and assess their impact in conjunction with the legal and compliance team.
- Perform information security risk assessments on an ongoing basis and report any significant risks to the CITSO & CISO.
- Manage information security incidents, i.e. identification, response, remediation and reporting.
- Review, at a defined frequency, the self-assessments of third parties to whom a line of business has been outsourced.
- Conduct security assessments and audits of third-party processes and vendors.
- Conduct internal audits with the help of an external audit firm to verify the effectiveness of security controls.
- Ensure the effectiveness of identity management and access control by performing periodic assessments.
- Assess and record all exceptions to the information security policy.
- Ensure an appropriate level of awareness is spread via regular InfoSec trainings, emailers, etc.
- Govern the antivirus, SDLP, SEE and other security compliance for endpoints, servers and the network.
- Ensure the password policy is effectively implemented.
- Govern security patch management and ensure adequate patch levels are maintained.
- Perform vulnerability management and penetration testing for applications, network, endpoints and servers.

Key Skills: Information Security Management; Security Operations & Audits; ISMS (ISO 27001); Security Incident Handling; Compliance Management; Risk Assessment; Vulnerability Management; Stakeholder Management

Certifications & Trainings: CISM; CISSP; ISO 27001 Lead Implementer

