Technology

Information Security Manager

Mumbai
Work Type: Full Time
Apply Now
The purpose of this role is to ensuring confidentiality, integrity and availability of data and systems. Help protect the organization against evolving cybersecurity threats and regulatory challenges.

Objectives of the role:

  • Review and update all existing policies and procedures based on identified gaps.
  • Implement awareness programs/campaigns/Phishing simulations to keep employees informed about the importance of adhering to Cybersecurity policies.
  • Regularly review and update the BCP to reflect changes in business operations, technology, and emerging threats.
  • Prepare a detailed report summarizing the drill, including performance metrics,  identified gaps, and recommendations for improvement.
  • Schedule regular board and committee meetings to review organizational performance and strategic initiatives.
  • Communicate & track Risk Assessment and Internal/External Audit findings till closer.
  • Develop dashboards and reports to visualize and track performance against established metrics.
  • Maintain a risk register to document identified risks, their potential impacts, and likelihood.
  • Provide regular updates on risk management activities, including identified risks, mitigation efforts, and outcomes.
  • Maintain thorough documentation of compliance activities and prepare timely and accurate reports for regulatory authorities as required.
  • Responsible for Identity Management/ Identity & Access Governance/ Access Management. Maintaining user access and need to know basis privileges to produce sensitive data.
  • Make recommendations to enhance information security, including processes, procedures, governance approaches, and compliance. Partner with Control and Compliance peers who lead and manage engagements with Internal/External Auditors as well as Regulatory Examiners.
  • Understanding of Cloud Computing/Security concepts and Cloud Security Governance.
  • Understanding of Data Privacy, GDPR, Data Protection, Data Classification.
Skills Required:
  • Technical knowledge and understanding of vulnerabilities and its impact, OWASP framework.
  • Experience working with internal and external auditors and regulatory examiners in a corporate organization.
  • Must have knowledge of risk management disciplines; security policies and standards; security awareness; IS risk management controls; 3rd party / vendor management.
  • Proven experience implementing and rolling out key initiatives and tools.
  • Knowledge of latest cyber security trends & global industry best practices pertaining to financial Industry.
  • Understand concepts of controls and compliance.
  • Excellent Interpersonal and Communication skills.
  • Strong understanding of standards and frameworks ISO 27001, NIST, PCI DSS etc.
  • Stakeholder Management
Experience needed:
This position requires minimum 6-9 years of relevant experience

Qualifications:
  • Bachelor's degree in Computer Science or equivalent.
  • At least 1 of the following Certification: CEH, CISM, CRISC, CISA, ISO 27001.

Submit Your Application

You have successfully applied
  • You have errors in applying
Or
  Autofill with LinkedIn
Social Network and Web Links
Provide us with links to see some of your work (Git/ Dribble/ Behance/ Pinterest/ Blog/ Medium)