Posted: 1 week ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

The Senior Information Security Specialist is responsible for supporting the planning, implementation, monitoring, and enhancement of the organization's information and cyber security controls. The role includes management of ISO27001, PCI-DSS and SOC2 Type2 certification practices, supporting privacy practices, and ensuring compliance with legal and regulatory requirements and client contractual obligations related to Information and Cyber Security. This role is responsible for continual improvement in compliance and sustenance of ISMS practices.

Responsibilities

  • Design, implementation, sustenance and continual improvement of Information Security Management System (ISMS) Practices.
  • Definition and periodic revision of Information and Cyber Security Policies, Procedures, Standards and Guidelines in alignment with legal, regulatory requirements and client contractual obligations.
  • Management of Information and Cyber Security Awareness Practices.
  • Support GRC Head to maintain and continually improve compliance with legal, regulatory requirements and client contractual obligations related to Information and Cyber Security (NPCI, RBI, CERT-In, IT Act, DPDP Act, MSME, etc.).
  • Support GRC Head to maintain and continually improve compliance with ISO27001:2022, PCI-DSS and SOC2 Type2 requirements.
  • Definition and periodic revision of the List of ISMS Activities
  • Implementation of ISMS Activities under Information and Cyber Security Department
  • Governance of implementation of ISMS Activities
  • Management of Third-Party Risk Management Practices
  • Conduct Information and Cyber Security Risk Assessment on a periodic basis
  • Periodic review of Record of Processing Activities (RoPA)
  • Conduct Data Privacy Impact Assessment (DPIA) activities on a periodic basis
  • Participate in Change Management Reviews
  • Handling Exception Management Activities
  • Handling internal & external audits related to Information and Cyber Security and Privacy
  • Ensure team is always audit ready to effectively handle internal & external audits
  • Support GRC Head to conduct periodic Management Review Meetings

Qualifications

  • Minimum bachelor's degree in Information Technology, Information Security, Cyber Security, Computer Science, or a related field.
  • 6 to 8 years of progressive experience in implementation and management of Information Security Management System (ISMS) Practice
  • ISO27001 Certificate Implementation experience will be preferred
  • Minimum 2 years of experience in Team Management
  • Hands-on experience in conducting Information and Cyber Security related activities (e.g. risk assessments, third party risk assessments, review of RoPA, DPIA, definition & revision of ISMS documents, ISO27001 implementation, management of ISMS practices etc.)
  • Having Managerial experience along with hands-on experience will be preferred
  • Relevant certifications such as ISO27001, CISM, CISSP will be preferred
  • Good knowledge of regulatory frameworks and industry standards (ISO 27001, PCI-DSS, SOC2, RBI, DPDP Act, etc.)
  • Good communication (verbal & written) and personal skills
  • Risk-oriented managerial thought process is a must
  • Quick learning and adaptive abilities
