Senior Manager - Information Security & Data Privacy - Insurance (7-12 yrs)

Skills & Competencies: Subject knowledge (Information security, Cyber Security, Data Privacy) Security Analysis, Network Security , Good understanding of technology (IT certification preferred)

Min. Educational Qualification: Graduation

Relevant Work-experience: 4 to 10 years of Information Security experience, 2 years min. information security in BFSI Insurance, preferred

Certifications: OSCP, CEH, CISSP, CISA, CISM, ISO 27001:2013 LA

Job Description:

- Manage Information Security Projects, Audits, assessments etc

- Perform Technology Risk Assessments for processes, technologies

- Develop and review IS standards, guidelines for new technologies

- Periodic audits and assessments as per Infosec calendar

- Be responsible for setting IS Standards, Checklist, Guidelines such as:

- IS guidelines and any supporting templates;

- Standards for Technology Risk Assessments (TRA) for any process / technology change or new technology sourcing

- Manage internal / third party Ethical hacking / Vulnerability Assessment /

- Penetration Testing, Red Team assessment activities etc.

- Methodology / checklist for performing the TRA and approval matrix based on the results of the TRA

- BCP / DR standards including methodology for conducting Risk Assessment (RA) and Business Impact Analysis (BIA)

- Application security and Vendor risk assessment standards

- IS related trainings standards including frequency for IS related trainings for employees / contractors and the IT / IS teams

- Security testing baselines for conducting Vulnerability Assessment and Penetration Testing of IT systems (infrastructure and applications) including mandating the use of internal and external vendors based on asset classification

- Liaising with the business teams to define the roles within each application under their purview depending upon the business requirements

- Shall review the training / skill set requirements for the SOC / LAM / DLP teams

- Manage Information Security Projects/assessments etc

- Perform daily InfoSec operational activities like FnF Clearance, approvals etc.

- Conduct or participate Cyber security drill as per the requirement

- Perform daily InfoSec operational activities and Monitor, manage Information/Cyber Security Incidents

- Assign detailed responsibilities and action steps to manage cyber crisis

- Identify the active risks along with the threat vectors related to cyber crisis

- Support response and investigation activities related to the cyber crisis

- Review regulatory impact and compliance obligations

- All other tasks/activities/projects etc. delegated by Chief Risk Officer (CRO) / Chief Information Security Officer (CISO)

Location: Mumbai