- Posted on: March 2024
- Bellandur, Bangalore, Karnataka, India
Job Description:
- Enhance the security, resilience, and reliability of IT Security, Risk Management, Regulatory & Compliance (ISO, RBI guidelines, CERT-In implementation, ISMS audits – internal and external, etc.), Network Security & Platform Defense, Security Operations, and Security Monitoring
- Developing and implementing Enterprise Security Strategy Governance Frameworks, Standards, Policies
- Experience in managing security audits such as ISO 27001, SOC 1, and SOC 2
- In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO audits, reviewing control evidence for completeness and accuracy, and ensuring evidence provided to auditors satisfies control requirements
- Develop GRC deliverables; execute security strategy, frameworks, policies, assessments, solutions, etc., and lead their implementation either onsite or remotely, depending on business requirements and preferred working practices
- Continuously monitor adherence to the implemented security controls and perform optimization as necessary.
- Review effectiveness of application security solutions, vulnerability remediation, and vulnerability management. Provide oversight to all security operation initiatives and Security controls assessments.
- Perform security gap analysis and risk assessment for Platforms, Applications, Networks, Databases across all departments
- Work closely with business and technology teams to help articulate and communicate the InfoSec governance programme, identify risks and threats, and evaluate and help implement controls and improvements
- Analyze and assess impact to the data/infrastructure as a result of security incidents, examine available recovery tools and processes, and recommend solutions.
- Project management experience in the areas of IT Risk, Compliance, and security operations. Ability to plan and manage multiple GRC and Security engagements.
Roles and Responsibilities:
- Develop and review information security policies and principles that ensure data security and privacy, confidentiality, integrity and availability, and appropriate use of the company’s information assets
- Implement and maintain ISO 27001 Framework and Information Security Management System (ISMS)
- Ability to plan and lead meetings with internal team and clients
- Prepare detailed and summary reports of assessments, and remediation plans as needed and advise internal stakeholders
- Ensure that customer requirements are adequately addressed as part of InfoSec objectives
- Drive GRC objectives with department heads and ensure departments are aligned with those objectives
- Conduct technology risk assessments across departments on a periodic basis to ensure compliance with standards and guidelines
- Facilitate internal audits and support external audits to identify weaknesses in processes and controls and implement corrective action plans
- Review the threat landscape and security issues using tools, technologies and frameworks such as DLP, WAF, CI/CD, firewall, IPS/IDS tuning, IAM & PAM, DRM, NAC, SIEM & DNS, ITSM and CMDB to enhance security operations and remediate network security risks
- Ensure accurate and timely reporting to regulatory authorities, stakeholders, and senior management on risk and compliance related matters
- Conduct knowledge sharing sessions for the Cyber Security team as well as the extended teams within the organization.
- Develop and implement plans for review of data breaches, ensuring that incident management is effectively addressed
Qualification and experience:
- Graduate/Post Graduate degree in Information Management and Security or Computer Science
- Proven experience as a Security Manager or in a similar role.
- 10+ years of experience in managing data security practices and technologies
- Understanding of and experience with ISO 27001, PCI DSS, SOC 2 and CSA STAR
- Experience or understanding of governance, risk and compliance (GRC) processes and solutions.
- Experience in information security and auditing.
- Experience with RBI, CERT-In and other regulatory guidelines
- Desired certifications: CISA, CISM, ISO 27001
- Strong communication skills