unifyCX - Manager - Information Security (8-10 yrs)
GlowTouch Technologies
posted 11hr ago
Flexible timing
JOB DESCRIPTION :
Designation : Manager - Information Security
Work Location : Mangalore
No. of positions : 01
Department : Information Security (Corporate IT)
Summary of the Position :
This position requires a candidate who is a graduate/postgraduate in Engineering / Computer Science with at least 10+ years of experience in managing Information Security and Data Privacy at an enterprise level.
Qualification, Certifications and Knowledge level :
- B. Tech/ B.E /BSc / MSc - CSE/ IT/Cyber Security/ECE
- Professional Certifications : CISM/CISA/ISO27001:2022 LA/CRISC
- Knowledge of security standards NIST, ISO 27001, ISO 27018, SOC2, COBIT, HITRUST
- Knowledge and experience on PCI DSS, GDPR, DPDPA, and HIPAA
- Exposure to Information security management system (ISMS) Policies, Standards, Process documentation
- Good understanding of IT/IS & Cyber risks
- Experience in risk management processes and reporting
- Experience in third-party risk management frameworks & processes
- Experience in handling or conducting IS&T audits
- Good Communication Skills
- Knowledge of Software development life cycle, Network, Server management and Infrastructure Management
- Ability to work independently and to take emergent decisions on his/her own
- Ability to work collaboratively with internal and external stakeholders to achieve a mutually beneficial result
- Good team player, hardworking, enthusiastic with good attitude
Experience :
- 8-10 years of relevant work experience in Information Security Governance, compliance or risk management functions.
Roles & Responsibilities :
- Perform site level gap assessment with respect to ISO27001:2022, SOC2, PCI DSS security controls.
- Create and maintain the documentation for Information System governance and audits in accordance with regulatory & compliance requirements.
- Support in the development, update and review of policies, standards, and guidelines to ensure consistency and compliance (ISO 27001, SOC2, PCI DSS, GDPR).
- Monitor and ensure adherence to policies / Standard Operating Procedures across different IT functions.
- Provide inputs in the design and implementation of security controls in line with policies and standards defined.
- Support in development of standard metrics and KPIs for reporting compliance with policies, standards and regulatory requirements.
- Support for various Governance Committees.
- Coordinate and conduct information security steering meetings
- Conduct enterprise-level Information Security risk assessments and coordinate risk treatment activities.
- Perform the risk assessment process for vendors, products and services used by the organization.
- Help manage risk and compliance metrics and reporting.
- Monitor, analyze, and track requests for policy exceptions and support the assessment of risks associated with deviations.
- Define Information security objectives (KRIs and KPIs) and monitor the performance of ISMS processes.
- Plan and execute ISMS internal audits across the organization on a periodic basis to measure the effectiveness of ISMS processes.
- Review and evaluate all security incidents as per the security incident management procedures.
- Investigate, assess and report on the development or spread of potential information security threats and vulnerabilities that may impact the organization's and/or customer's technical infrastructure SLAs.
- Evaluate the adequacy of security measures to protect organizational data and information assets.
- Develop, implement, and maintain a formal plan for disaster recovery and business continuity for information assets
- Provide support for any external assessment (e.g. audit or penetration test) of the organization's security controls (ISO27001/SOC2/PCI DSS etc.) on the organization's infrastructure, and for the remediation plan.
- Monitor security threats and vulnerabilities to determine the risks they pose to the business, and what countermeasures must be put in place to address them
- Coordinate remediation efforts related to information security
- Conduct Information Security Awareness Training for employees as required to meet various security requirements, and ensure that the training is given.
Rounds of Interview : There will be two to three rounds of interviews by tech panels.
Functional Areas: Software/Testing/Networking