- To manage governance, risk, confidentiality and compliance for the enterprise and provide support to the CISO on security & compliance assurance.
- To work with the technology team to establish and improve security frameworks, policies and procedures.
- Implementation, operation and maintenance of the Information Security Management System based on standards like ISO/IEC 27000 series.
- Develop, implement and monitor a comprehensive enterprise information security program to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization, including developing, maintaining and publishing up-to-date information security policies, procedures and guidelines.
- Facilitating the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings.
- Implementing and testing business continuity and disaster recovery to ensure there is no loss of critical business processes or systems due to disruptive events beyond what is called for in the appropriate business impact analysis.
- Managing security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
- Overseeing the awareness training programs for all employees, contractors and approved system users.
- Implementing processes related to compliance monitoring and improvement activities to ensure compliance both with internal security policies, etc., and with applicable laws and regulations.
- Facilitating Internal Audits.
ESSENTIAL SKILLS & EXPERIENCE
- Minimum of 10-11 years of relevant experience in ISMS.
- Information Risk Management including Technology Risk & Vendor IT Risk Assessment
- Vulnerability Assessment & Penetration Testing
- Understanding of Application Security, Security Audits, Business Continuity planning / Disaster recovery
- Good communication and interpersonal skills.
- Demonstrated success in implementing ISMS in previous organizations
- Basic understanding of various technologies such as programming languages and applications.
- Good time management and multitasking skills.
- Minimum education: B.E/MCA/B.Tech.
Information security certifications (such as CISSP, CSSLP, ISO27001, CEH/CPT or related certifications) would be preferred.
Self-motivated individual with the ability to work to deadlines.
Team player with proven ability to build strong cross-business relationships