OBJECTIVE OF THE ROLE:
- To manage Information Security Governance, Risk and Compliance Management Program to ensure
- Compliance with Regulatory Requirements
- Proactively identifying & providing InfoSec Risks for new Business Requests
- Effectively drive and govern the Information & Cyber Security Program to monitor continuous improvements
KEY RESPONSIBILITIES:
- Definition and Revision of Information and Cyber Security Policies, Processes, Standards & Guidelines
- Building & Maintaining Risk Management Program
- Managing Vendor Risk Management Program
- Building and Governance of Information and Cyber Security Assurance Program
- Managing Internal & External Audits and compliance activities
- Handling user requests to proactively identify and provide InfoSec requirements at the initial stage of activity / project (e.g. vendor engagements, confidential data requests, risk assessment etc.)
- Management of Exception Handling Process
- Guide stakeholders for remediation of Information Security observations
- Definition of SOPs / Manuals for Information Security activities
- Identify new initiatives, security controls (technical / procedural) improvement areas in InfoSec Program
- Conduct POCs for new Security Solutions, implementation of new Security Practices / Processes / Controls across organization
- Ensure compliance with Information Security Policies & Processes
- Ensure Team is always audit / compliance ready
- Development & Implementation of User Awareness Program
- Supporting CISO to conduct Information Security Committee Meetings
- Work as a Subject Matter Expert for CISO
- Manage outsourced resources & develop skilled team resources
- Adequate knowledge of VAPT, application security and other security testing
Educational Qualifications:
B.E. / B. Tech
Work Experience:
4 to 8 Years of relevant experience in Information Security Activities
Certifications:
CCNA, MCSA, CEH, ISO27001, CISM, CISA, CISSP, etc. (Good to have)