Information Security Manager

ROLES AND RESPONSIBILITIES : Review and update of the information asset register in accordance with RBI, SEBI, IRDAI, UIDAI, IT Outsourcing, Data Localization and ISO 27001 : 2013 requirements

Responsible for managing, tracking, update and monitor all regulatory requirements.

Review the classification levels of data, maintaining the risk register and tracking.

Crete and managing the KRI matrix and thresholds as per compliance, technology, policy and process

Conduct Data privacy or PII reviews with the intra-department for PII protection for customers and employees

Conduct policy and process risk assessment of vendors, while onboarding, evaluating and to monitor, and maintaining the same.

Assist in IT security product & services risk assessment during evaluation and procurement.

Track the annual review, changes of all policies and procedures, draft and update / consolidate policy documents as needed.

Assist in preparing decks / updates for committee meetings and other management review decks.

Review the reports and alerts and ensure to close with service groups

Access Control Reviews for cloud, application and infrastructure.

Comprehensive risk assessment and control testing to be carried out annually and sustained.

Assist in conducting the various simulations and campaigns for awareness and measure the effectiveness

Assist in Information security projects implementation

Conduct access control, change management and other process-level reviews

Timely escalation to the right stakeholder, if any deliverable is at risk.

Working closely with IT and other business functions of the organization for IS assessments and various risk review activities.

SKILLS AND QUALIFICATIONS :

ISMS implementation, policy & procedure

Risk analysis and assessments

Conceptual knowledge of infrastructure technology and services e.g Server infrastructure, development, Firewalls, NAC, Router etc.

Proactive and ability to handle business functions independently

Understanding of business processes across all functions.

8+ Experience in ISMS and in ISO 27001

CISA & ISO 27001 Certification

SPECIFICATIONS : QUALIFICATIONS, EXPERIENCE, & COMPETENCIES :

Minimum Qualifications :

Graduate

Minimum Experience : 6-8 Years

Skills Required :

Result-oriented & Persistent

Analytical / planning / Detail Orientation