Location: Bellandur

Job Description:

  • Enhance the security, resilience, and reliability for IT Security, Risk Management, Regulatory & Compliance (ISO, RBI Guidelines, Cert-IN Implementation, ISMS Audits – internal & external etc.), Network Security & Platform Defense, Security Operations, Security Monitoring
  • Developing and implementing Enterprise Security Strategy Governance Frameworks, Standards, Policies
  • Experience in managing security audits, such as, ISO 27001, SOC 1, SOC2
  • In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO audits, reviewing control evidence for completeness and accuracy, and ensuring evidence provided to auditors satisfies control requirements
  • Develop GRC deliverables, execute Security Strategy, Frameworks, Policies, Assessments, Solutions etc and lead their implementation either onsite or remotely dependent upon the business requirements and preferred working practices
  • Continuously monitor adherence to the implemented security controls and perform optimization as necessary.
  • Review effectiveness of application security solutions, vulnerability remediation, and vulnerability management. Provide oversight to all security operation initiatives and Security controls assessments.
  • Perform security gap analysis and risk assessment for Platforms, Applications, Networks, Databases across all departments
  • Work closely with business and technology teams to help articulate and communicate the InfoSec governance programme, identify risks and threats, and evaluate and help implement controls and improvements
  • Analyze and assess impact to the data/infrastructure as a result of security incidents, examine available recovery tools and processes, and recommend solutions.
  • Project management experience in the areas of IT Risk, Compliance, and security operations. Ability to plan and manage multiple GRC and Security engagements.


Roles and Responsibilities:

  • Develop and review information security policies and principles that will ensure Data Security and Privacy, Confidentiality, Integrity & Availability and appropriate use of the company’s information assets
  • Implement and maintain ISO 27001 Framework and Information Security Management System (ISMS)
  • Ability to plan and lead meetings with internal team and clients
  • Prepare detailed and summary reports of assessments, and remediation plans as needed and advise internal stakeholders
  • Ensuring any customer requirements are adequately addressed as part of Infosec objectives.
  • Driving GRC objectives with department heads, ensure departments aligned with GRC objectives
  • Conduct technology risk assessments across departments on periodic basis to ensure compliance with standards and guidelines
  • Facilitate internal audits and support external audits to identify weaknesses in processes and controls and implement corrective action plans
  • Review threat assessment landscape and security issues using tools/technology/frameworks like DLP, WAF, CICD, Firewall, IPS/IDS tuning, IAM & PAM, DRM, NAC, SIEM & DNS, ITSM and CMDB to enhance security operations and to remediate network security risks.
  • Ensure accurate and timely reporting to regulatory authorities, stakeholders, and senior management on risk and compliance related matters
  • Conduct knowledge sharing sessions for the Cyber Security team as well as the extended teams within the organization.
  • Develop and implement plans for review of data breaches, ensuring that incident management is effectively addressed


Qualification and experience:

  • Graduate/Post Graduate degree in Information Management and Security, Computer Science
  • Proven experience as a Security Manager or in a similar role.
  • 10+ years of experience in managing data security practices and technologies 
  • Understanding and experience with ISO 27001, PCI DSS, SOC2 & CSA STAR
  • Experience or understanding of governance, risk and compliance (GRC) processes and solutions.
  • Experience in information security and auditing.
  • Experience in RBI, CERT-IN and other regulatory guidelines
  • Desired certifications CISA, CISM, ISO 27001
  • Strong Communication skills
Share on linkedin
Share on facebook
Share on whatsapp
Share on twitter
Share on pinterest
Share on telegram
Share on reddit
Share on email
Share on skype