Cyber Security Manager - Audit & Risk Management (8-10 yrs)

Skills & Competencies : Subject knowledge (Information security, Cyber Security, Data Privacy) Security Analysis, Network Security , Good understanding of technology (IT certification preferred)

Min. Educational Qualification : Graduation

Certifications : OSCP, CEH, CISSP, CISA, CISM, ISO 27001 : 2013 LA

Job Description :

- Manage Information Security Projects, Audits, assessments etc

- Perform Technology Risk Assessments for processes, technologies

- Develop and review IS standards, guidelines for new technologies

- Periodic audits and assessments as per Infosec calendar

- Be responsible for setting IS Standards, Checklist, Guidelines such as :

1. IS guidelines and any supporting templates;

2. Standards for Technology Risk Assessments (TRA) for any process / technology change or new technology sourcing

3. Manage internal / third party Ethical hacking / Vulnerability Assessment /

4. Penetration Testing, Red Team assessment activities etc.

5. Methodology / checklist for performing the TRA and approval matrix based on the results of the TRA

6. BCP / DR standards including methodology for conducting Risk Assessment (RA) and Business Impact Analysis (BIA)

7. Application security and Vendor risk assessment standards

8. IS related trainings standards including frequency for IS related trainings for employees / contractors and the IT / IS teams

9. Security testing baselines for conducting Vulnerability Assessment and Penetration Testing of IT systems (infrastructure and applications) including mandating the use of internal and external vendors based on asset classification

- Liaising with the business teams to define the roles within each application under their purview depending upon the business requirements

- Shall review the training / skill set requirements for the SOC / LAM / DLP teams

- Manage Information Security Projects/assessments etc

- Perform daily InfoSec operational activities like FnF Clearance, approvals etc.

- Conduct or participate Cyber security drill as per the requirement

- Perform daily InfoSec operational activities and Monitor, manage Information/Cyber Security Incidents

- Assign detailed responsibilities and action steps to manage cyber crisis

- Identify the active risks along with the threat vectors related to cyber crisis

- Support response and investigation activities related to the cyber crisis

- Review regulatory impact and compliance obligations

- All other tasks/activities/projects etc. delegated by Chief Risk Officer (CRO) / Chief Information Security Officer (CISO)