Information Security Manager

5.0 - 10.0 years

12.0 - 17.0 Lacs P.A.

Surat

Posted: 3 days ago | Platform: Naukri


Skills Required

PCI DSS, IT Risk Management, ISO Audit, IT Governance, CISO, IT Audit, Information Security Management, IT Compliance, ISMS, Cyber Security, IT Security, CISM

Work Mode

Work from Office

Job Type

Full Time

Job Description

Drafting, Reviewing, Updating, and Enforcing Information Security Policies: Responsible for the formulation, periodic review, update, and organization-wide enforcement of information security policies and procedures in line with regulatory and industry standards.
Implementing IS Related Controls as per Regulatory Requirements and Industry Best Practices: Ensures timely implementation and tracking of security controls as mandated by regulators and aligned with globally accepted standards such as ISO 27001, NIST, and PCI DSS.
Coordinating Security Audits as per Regulatory Requirements: Acts as the central coordinator for internal, external, and regulatory audits, ensuring availability of evidence, responses, and closure of observations.
Conducting Training and Awareness (Phishing and Quiz): Plans and executes regular security awareness programs, phishing simulations, and quizzes to build a security-conscious culture among employees.
Performing IS Risk Assessment / GAP Assessment: Conducts periodic risk and gap assessments to identify, evaluate, and mitigate security weaknesses across systems, processes, and third parties.
Maintenance of ISO 27001:2022 and PCI-DSS Certification: Manages and coordinates activities necessary to maintain ISO 27001:2022 and PCI DSS certification status, including audits, documentation, and corrective actions.
Monitoring Ongoing IS Compliances through Compliance Calendar: Acts as a checker by maintaining a compliance calendar and tracking entity-wise and function-wise adherence to security compliance requirements.
Policy, Process, and Other IS-Related Audits: Conducts independent assessments of IS policies, procedures, and control effectiveness to ensure compliance and identify opportunities for improvement.
Participating in Regulatory Inspections: Supports regulatory inspections related to information security by providing necessary documentation, system access, and clarifications.
Incident Management: Reviews information security incidents to find trends, causes, impact, and check how well responses worked; ensures incidents are reported to regulators on time as per rules; and regularly updates senior management or the board on security status, key risks, incidents, and compliance.

NJ Group

Finance & Real Estate

Newark

200 Employees

49 Jobs

    Key People

  • John Doe

    CEO
  • Jane Smith

    CFO
