Position Summary: Sr Manager Information Security Governance
- The incumbent will be responsible for managing the information security governance, risk, and compliance (GRC) process.
- Standardize GRC policies, evaluate their impact, and implement the relevant measures.
- Liaise with Internal Audit, Corporate Compliance, Office of General Counsel and Risk Management to remediate new and outstanding issues; track security-related issues in the electronic GRC system.
- This is a global role engaging stakeholders at all levels across geographies such as India, the Philippines and the US.
- Certifications such as CISA, CISSP, CISM, CEH and ISO 27001 LA are required (the incumbent must hold at least two of them).
- The incumbent should be an effective communicator.
- The information security team is a healthy mix of exuberance, expertise and experience.
Job Functions and Responsibilities:
- Develop and maintain a robust threat intelligence gathering and monitoring plan.
- Review external threat advisories, determine their relevance to the organization and design an appropriate response strategy.
- Conduct assessments and reviews of IT processes and recommend actions to improve IT governance maturity, using reference frameworks such as ISO 27001, ITIL and others.
- Provide reports to senior management for review of information security risks, governance and compliance.
- Keep abreast of the latest security and privacy regulations, advisories and alerts.
- Ensure compliance with organizational information security policies and procedures.
- Manage security incidents and policy exceptions.
- Regularly check the strength and efficiency of security systems and provide security expertise to business unit and function managers.
- Conduct IT security awareness activities by regularly publishing monthly security updates/bulletins and delivering training (e.g., brown bags) to improve the IT security knowledge of users and IT staff.
- Provide advice and consultancy on security risks and controls.
- Maintain an up-to-date map of security risks and of the latest security and privacy regulations and advisories.
- Participate in internal and external audits and liaise with regulatory and market bodies.
- Perform qualitative and quantitative risk analysis, i.e., risk assessment of all assets across the group, along with a risk treatment plan.
- Analyze and assess security risks and their impacts, and implement the relevant measures.
- Coordinate compliance and auditing activities and facilitate migration of non-compliant environments to compliant ones.
- Monitor and manage security-related nonconformities.
Key Result Areas:
- High-quality content creation for information security presentations to councils such as MBR, TechOps and ITRC.
- Identification and management of information security risks.
- Manage InfoSec risks in third-party engagements and drive improvements across categories of vendors.
- Qualitative review and upkeep of InfoSec policies and procedures.
- Enhance employee awareness to make it more engaging and effective.
- Proactive identification and resolution of risks to maintain high InfoSec posture ratings.
- Track an effective set of InfoSec metrics and drive improvement in security posture.
- Participate in and respond to InfoSec audits, questionnaires and examinations.
- Enhance incident management preparedness and drive InfoSec incident management.
Qualifications:
- BE / BTech / ME / MTech / MBA with specialized InfoSec certifications such as CISSP, CISA, ISO 27001 LI/LA, CISM
- Bachelor of Engineering or equivalent
- 13-15 years of experience in the field of information technology and security audits
- At least nine (11) years of information systems and security audit experience
- Extensive knowledge of IT security.
- Experience in implementing IT controls within an IT governance framework and in designing the overall governance framework.
- Good understanding of risk and compliance concepts and tools.
- Good communication and documentation skills.
Work Schedule and Travel Requirements:
- 3 PM IST to 12 PM PST
- Travel: minimal.
- To attend office in-person at the base location as and when required.
Employment Type: Full Time, Permanent