Sr. Manager - Information Security

Location

Noida

Level

Senior

Experience

8-12 years

Reporting To

Head of Information Security

Education

o B.E. / B.Tech. / MCA or advanced degree in a rel

Job Description

The Information Security function requires a Sr. Manager - Information Security to provide operational support in managing the information security program across its global offices. The candidate will be responsible for designing, implementing and maintaining ISO27001:2013, information security risk and incident management, cyber security best practices, and the BCMS and disaster recovery framework, along with other relevant guidelines and regulations for the organization. The candidate will also provide oversight and enforce information security controls to ensure information security compliance and assurance.

Skill Set:

Responsibilities

  1. Work with functional groups (HR, Compliance, IT and Facilities) to validate organizational security and maintain a process that sustains the organization's ISO27001 certification, along with the risk management and incident management framework and BCMS/DR requirements.
  2. Conduct periodic internal ISMS audits and risk assessments to assess the adequacy of the security controls and provide recommendations.
  3. Knowledge of basic networking concepts, security tools and technologies (Firewall, IDS/IPS, ATP, DLP, AD, Proxy, etc.) and their best practices.
  4. Coordinate with the IT team to implement industry best practices for network, cloud and cyber security.
  5. Work closely with other support functions to implement the best security controls for cyber/cloud and data security.
  6. Work closely with the business team to understand the product architecture and data flow and implement security best practices for information and data security.
  7. Identify and implement corrective action plans to address external/internal audit findings and update the Statement of Applicability.
  8. Document security policies, standards, guidelines and standard operating procedures.
  9. Good working knowledge of the incident management life cycle and forensic investigation; coordinate with multiple teams to manage and investigate security incidents and perform root cause analysis.
  10. Conduct periodic security awareness training programs.
  11. Develop, test and maintain business continuity and disaster recovery plans.
  12. Ensure compliance with regulatory requirements applicable to the organization.
  13. In-depth knowledge of information security risk and industry best practices. Assist the organization in ensuring regulatory compliance in areas such as ISO 27001, SOC 2, PCI-DSS, GDPR and so on.
  14. Coordinate with functional support groups and operational groups to generate security metrics to track compliance.
  15. Ensure RFP responses are addressed and help the delivery team meet contractual security requirements.
  16. Excellent experience in handling third-party auditors and client audits.

 

EXPERIENCE AND EDUCATION

  1. Minimum of 8-12 years of experience. The position requires a minimum of eight years in information security, risk management and business continuity management in a corporate environment.
  2. Excellent understanding of ISO27001, InfoSec risk management, cyber security, BCMS and the SOC-2 framework, along with the controls used to secure a business's computer networks and digital information.
  3. Excellent understanding of regulatory compliance requirements such as SOX, PCI-DSS, HIPAA, GDPR, etc.
  4. Knowledge of cyber security frameworks.
  5. Working experience with industry best practices for vulnerability management, cloud security, cyber security and network security.
  6. Ability to identify, observe and analyze potential information security risks and develop strategies for preventing threats and quickly addressing breaches.
  7. Understanding of IT/cyber security and networking concepts such as DMZ, security zoning, IDAM, Active Directory, Firewall, IDS/IPS, email security, DLP, cryptography, vulnerability management, etc.
  8. Demonstrated high ownership and a hands-on approach, with the ability to deliver independently.

 

Behavioral Competencies:

    1. Excellent oral and written communication skills.
    2. Capability to deliver on tight schedules with excellent task management capabilities.

 

Education:

    1. B.E. / B.Tech. / MCA or advanced degree in a related field would be desirable.
    2. Certifications such as CISSP/CISA/CISM and ISO27001:2013 LA are preferred.