Deputy Manager – IT Governance & Infosec Compliance

Key Responsibilities:

• ISMS Development and Implementation:
• Develop, implement, and maintain the organization's ISMS in accordance with established information security frameworks (e.g., ISO 27001, NIST Cybersecurity Framework).
• Identify and assess security risks, vulnerabilities, and threats to our information assets.
• Establish and maintain information security policies, procedures, and guidelines.
• Compliance and Certification:
• Ensure compliance with relevant information security standards, regulations, and legal requirements.
• Coordinate and oversee internal and external audits and assessments.
• Prepare the organization for ISO 27001 certification and lead the certification process and maintain the certification
• Security Awareness and Training:
• Develop and deliver information security awareness and training programs for employees and contractors.
• Promote a culture of security awareness and best practices throughout the organization.
• Incident Response and Management:
• Develop and maintain an incident response plan and coordinate incident response efforts.
• Investigate security incidents, breaches, and vulnerabilities, and implement corrective actions.
• Risk Management:
• Conduct risk assessments and identify areas for risk mitigation and improvement.
• Implement risk management strategies and monitor their effectiveness.
• Develop risk mitigation strategies and action plans.
• Security Audits and Assessments:
• Conduct regular security audits and assessments to identify weaknesses and areas for improvement.
• Collaborate with internal and external auditors to ensure compliance and drive remediation efforts.
• Vendor Security Management:
• Evaluate and monitor the security posture of third-party vendors and service providers.
• Ensure that third-party contracts include appropriate security clauses.
• Security Frameworks Expertise:
• Stay updated on emerging threats, security technologies, and industry best practices.
• Advise senior management on information security trends and their potential impact on the organization.
• Security Incident Documentation:
• Maintain records of security incidents, investigations, and resolutions.

Experience Requirements:

To excel in this role, the candidate should have the following qualifications and experience:

• Bachelor's degree in Information Security, Computer Science, or a related field. A Master's degree is preferred.
• Professional certifications such as ISO 27001:2022 LA, LI are highly desirable.
• 08-12 years’ experience with 4Yrs + in GRC.
• Familiarity with Privacy laws
• Have implemented and maintained organizations through ISO 27001 certification from grass roots level.
• Excellent communication skills (oral & written), with the ability to engage with all levels of the organization.
• Experience in conducting risk assessments, vulnerability assessments, and security audits.
• Proficiency in security technologies, tools, and methodologies.

Key Skills:

• Conduct Audits independently, publish audit findings and track to closure.
• Hands on experience on implementing and maintaining security frameworks (ISO 27001/TISAX etc).
• Creation and delivery of Information Security awareness programs for employees.

Dashboard preparation.

Note: please provide your total Experience and current CTC in your profile.