Manage and lead the Information Security governance process, including policy and the relevant standards (ISMS, BCMS) and regulatory compliance. Create awareness of data classification and data protection among all employees. Coordinate with the IT, HR and Admin teams to ensure compliance with the Information Security policy. Conduct technology risk assessments and reviews of IT processes, procedures and compliance status, and report risk issues to management.
Manage Information Security policy and procedure documents, including incident response, IT security policy, segregation of roles and responsibilities, audit plans, risk assessment methodology and the risk register.
Oversee the organization-wide Security Awareness program, including Information Security training for staff, and drive its continuous improvement.
Keep abreast of the latest security and privacy regulations, advisories and alerts.
Provide timely updates to senior management on existing and potential risks, based on information from industry sources.
Experience Requirement: 8-10 years of experience in Information Technology and Security with a BE or equivalent academic qualification and excellent communication skills; 6-8 years of experience in Information Security and in the Securities domain is a must.
Possesses critical thinking, problem-solving, decision-making, conflict resolution, written and verbal communication, and leadership skills.
Technical Skills and Technology Experience:
Shall have hands-on experience with security technologies and tools such as AD (Active Directory), AV (anti-virus), DLP (data loss prevention), PIM (privileged identity management), IDS/IPS, WAF and SIEM.
Shall have experience running a Network Operations Centre (NOC) or Security Operations Centre (SOC).
Shall excel at understanding business requirements, conducting risk assessments and providing secure solutions to both the business and technology teams.
Shall have hands-on experience conducting risk assessments, audits and data classification.
Experience in implementing IT controls within an IT governance framework and in designing an overall governance framework using standards such as ISO 27001 and ITIL.
Understanding of and experience with governance, risk and compliance (GRC) concepts and tools.
Certifications: at least three of CISA, CISSP, CISM, CEH, COBIT 5 and ISO 27001:2013 Lead Auditor (LA) are required.