Assistant General Manager (Information Security)

1. Mandatory Qualification:

• Engineering Graduate (IT/Computer Science), MBA (IT/Systems), or MCA from a recognized institute/university with strong knowledge of Information Security.

2. Desirable Qualification:

• Experience in implementing and maintaining GRC frameworks and ISO 27001:2022 compliance.
• Hands-on expertise in Information Security Risk Management, Cloud Security, Third-Party Risk Management, and Change Management processes.
• Proficiency in MS Excel and PowerPoint with strong written and verbal communication skills in English.
• Relevant certifications in Information Security/Cybersecurity. (e.g., CISSP, CISA, CEH, etc.)
• Practical experience with security tools like SIEM, firewalls, endpoint protection, etc.

3. Preferred Experience:

• ISMS implementation for organizations in the BFSI sector.

Job description

The employee will be responsible for ensuring the integrity, confidentiality, and availability of organizational information assets by overseeing the following:

1. ISMS Program Management:

• Lead the implementation, maintenance, and continual improvement of ISMS to ensure alignment with ISO 27001:2022 standards and CERT-In guidelines.

2. Risk Assessments and Audits:

• Conduct regular risk assessments, vulnerability scans, and audits (internal and third-party) to identify potential threats and address vulnerabilities.

3. Incident Response and Recovery:

• Develop and manage the organization's incident response and disaster recovery plans. Ensure timely resolution and minimal disruption during security incidents.

4. Policy and Compliance Management:

• Develop, update, and enforce security policies and procedures in line with ISO 27001, CICRA, and other applicable regulatory frameworks.

5. Collaboration with IT Teams:

• Work closely with IT teams to implement security measures for protecting organizational data, networks, and applications.

6. Third-Party Risk Management:

• Evaluate and manage the security posture of vendors and service providers to ensure compliance with contractual and regulatory requirements.

7. Security Awareness:

• Conduct organization-wide training and awareness programs, including phishing simulations, to enhance cybersecurity knowledge.

8. IT/IS Tools Management:

• Oversee the implementation and monitoring of tools such as SIEM, NGAV, EDR, DLP, and backup solutions.

9. Regulatory Compliance:

• Ensure adherence to CERT-In guidelines, conduct audits as per CICRA, and maintain ISO 27001 certification.

10. Documentation and Reporting:

• Prepare detailed reports for internal and external audits, risk assessments, and incident reviews. Present periodic updates to CISO and senior management.

11. Process Improvements:

• Continuously evaluate current security processes, recommend improvements, and assess new tools for better effectiveness.

12. Stakeholder Engagement:

• Ensure timely communication and coordination with business teams for approvals, testing, and compliance verification.

13. Monitoring and Testing:

• Ensure timely completion of DR drills, internal ISMS audits, and adherence to the organization's IT policies.