Senior Delivery Manager - Information Security

Information security governance team member (with skip level reporting to CISO) who is proficient in information security risk assessments, understanding of regulatory requirements, drafting of ISMS and BCMS policies and procedures, monitoring Key Risk Indicators (KRIs) for information security governance across IT.
A- Minimum required Accountabilities for this role
Managing information security risk framework inline with ISO 31000 framework
Discussion and follow up with risk owners to tracking risk mitigation actions.
Identification of new risks across IT landscape including cloud environment, outsourced environment etc
Perform project specific risk assessment for IT projects.
Perform risk assessment related to emerging technologies.
Documentation and maintenance of policies and procedures as per ISMS and BCMS framework
Updating policies and procedures in line with regulatory requirements
Develop and monitor key risk indicators across IT environment in line with risk framework.
Information security awareness among stakeholders in line with risks
B- Additional Accountabilities pertaining to the role
Participation in management reporting and governance committee presentations
Assisting and co ordinating internal audits
Prepare management reports by collecting, analyzing, and summarizing information.
MOE (Measurement of Effectiveness): Collation of MOE data
Perform trend analysis as compare to outcome of previous values of KRIs Key Decisions / Dimensions
Identification of right contacts for get required data on time.
Review the data and decide if the observations identified correct and complete.
Review and decide if closure evidence shared are sufficient to close the audit observations.
Decide if the policy and procedure documents need changes based on new regulations or audit outcomes.

Major Challenges
Handling of fast changing regulatory expectations
Handling of compliance expectations in stringent timelines
Handling multiple stakeholders at a time
Coordination with third party consultants who assist in auditing and compliance initiatives

Required Qualifications and Experience
a) Qualifications
Minimum qualification required is computer graduate with minimum of 4 Years of experience in information security

b) Work Experience
Knowledge & hands-on experience in information security risk assessments.
Sound knowledge on ISMS & BCMS frameworks, regulatory guidelines related to IT and cyber for NBFCs
Proficient in word, Excel, PowerPoint
Experience in data analysis and report drafting.
Experience in Project management.
Positive attitude, Hard Worker and team player
Excellent Communication and Leadership Skills
Certifications like ISO 27001, CISA/CISM/CISSP would be an added advantage