Deputy Manager - ESGC

Position Name: Deputy Manager - ESGC

To ensure Information Security Management System and Risk management framework including Business continuity are effectively planned & established in line with the business objectives. The job exists to ensure compliance to IS requirements, both from customer and organization. If this role did not exist, ensuring compliance to IS requirements is not possible.

• Compliance to client information security requirements as agreed in the MSA by ensuring that requirements are captured, documented, implemented and verified
• Ensure customer audits are cleared successfully without any critical non-conformances
• Propose cost effective solution and maintain compliance cost
• Contain Revenue Leakage by ensuring reduction in revenue leakages resulting from IS incidents and effective implementation of controls
• Ensure operational excellence through the following:
• 1. Develop and manage ISMS (Information Security Management System) framework including Business continuity and awareness
• 2. Identify and implement applicable industry practices (IT act and amendments, Data Privacy and Data Security framework etc)
• 3. Establish and implement measurement program to assess effectiveness of the framework/system
• 4. Ensure all internal / external audits are planned and successfully
• cleared.
• 5. Monitor and track all internal/external audit findings to closure. Highlight open findings and accepted risks
• Enable Innovation through Automation and New initiatives
• Ensure Effective People Management by keeping the team engaged and having diverse workforce, Creating accountability & ownership in the team, handling team members grievances
• and ensuring team attrition is within targets
• Ensure Capability Development in the team by upgrading competency (skills) in the team in line with the current industry practices and business objectives including both managerial and technical capability

1. Degree: BE/M.tech or MBA
2. Certifications: CISA/ CISM Certification - ISO27001 lead auditors certification

1. Overall (in years): 10- 15 years
2. Relevant (in years): 8-12 years

Good understanding of various IS standards, framework such as ISO27001, PCIDSS, HIPAA, NIST, SOC/SSAE16 Standards & ISO27005, ISO 22301 Guidelines
- Knowledge of risk management (ISO31000, ISO27005), business processes- Knowledge of IT Security, physical and environmental security and HR security controls- Knowledge of regulatory requirements