Information Security Manager

Job Title: Information Security Manager

Work from Office

Location: Bangalore/Chennai/Hyderabad

Experience: 8+ years

No.of Positions: 2

Required Skills:

Hands-on experience with security technologies

Experience in Information security and business continuity internal audits

Strong Knowledge in risk management, ISO 27001, ISO 22301 PCI DSS, HIPAA, GDPR, SOC 2

Knowledgeable in security concepts, techniques, tools, methods, and practices

Good technical in cyber security products

Individually to perform the technical audits

Roles and Responsibilities:

Minimum 8 years of experience in managing security audits, such as, ISO 27001, HIPAA, SOC 1, SOC2, PCIDSS

Including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors

In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO, HIPAA, PCIDSS audits, reviewing control evidence for completeness an accuracy, and ensuring evidence provided to auditors satisfies control requirements.

Ability to of plan and lead meetings with control owners and external auditors.

Ability to clearly define control requirements to control owners or explaining control evidence to external auditors.

Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function.

Assist in testing and verification of all controls and formulating reports documenting findings.

Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures.

Work closely with internal business teams to assist in the identification and assessment of potential security risks, and establish risk owners, ratings, and management action plans.

Ensure continuity of compliance with ISO27001 and ISO 22301, PCI DSS, HIPAA, GDPR

Analyse the potential impact of new threats and communicate risks to relevant business units

Manage security operations, analyze security exceptions, gather necessary background information, document exceptions and ensurethat the risk is recognized and managed with compensating controls

Provide orientation to Business Units on Risk Assessment, Business Continuity Plan and Business Impact Analysis

Facilitate in preparation of a Business continuity plan for each project and functions

Conduct internal ISMS and BCMS audits and identify potential gaps in the system

Prepare detailed and summary reports of assessments, and remediation plans as needed and advise internal stakeholders

Report the audit findings on the potential weakness in the system and areas of improvement