Information Security Manager

Job Details:

Work Location - Gurgaon

Work from Office

Job Summary:

The Information Security Manager is responsible for overseeing and implementing the organization's information security program to ensure the confidentiality, integrity, and availability of information assets. This includes leading ISO 27001 certification efforts, ensuring GDPR compliance, managing risk assessments, and developing security policies and procedures.

Key Responsibilities:

ISO 27001 Implementation and Maintenance:

• Lead the implementation and maintenance of the ISO 27001 Information Security Management System (ISMS).
• Conduct regular internal audits to ensure compliance with ISO 27001 standards.
• Coordinate external audits and manage the certification process.
• Develop and update information security policies, procedures, and documentation in line with ISO 27001 requirements.

GDPR Compliance:

• Ensure the organization complies with GDPR and other relevant data protection regulations.
• Conduct data protection impact assessments (DPIAs) and manage data subject access requests (DSARs).
• Implement and monitor data protection policies and procedures.

Risk Management:

• Perform regular risk assessments to identify and mitigate potential security threats.
• Develop and implement risk treatment plans.
• Monitor and review security incidents and breaches, and implement corrective actions.

Information Security Operations:

• Manage the day-to-day operations of the information security program.
• Oversee the implementation and maintenance of security tools and technologies.
• Develop and deliver information security awareness and training programs.
• Coordinate with IT and other departments to ensure the secure implementation of new technologies and systems.

Incident Response:

• Develop and maintain an incident response plan.
• Lead the investigation and response to security incidents and breaches.
• Conduct post-incident reviews and develop strategies to prevent future incidents.

Qualifications:

• Bachelor’s degree in information security, Computer Science, or a related field.
• Professional certifications such as ISO 27001 Lead Auditor, CISSP, CISM, or CISA are highly desirable.
• Minimum of 5 years of experience in information security management or a related field.
• Strong understanding of ISO 27001 and GDPR requirements.
• Experience with risk management, security assessments, and incident response.
• Excellent communication and leadership skills.

Preferred Skills:

• Knowledge of other relevant standards and regulations (e.g., NIST, PCI-DSS).
• Experience with security tools such as SIEM, IDS/IPS, DLP, and endpoint protection.
• Familiarity with cloud security and secure software development practices.
• Ability to work collaboratively with cross-functional teams.
• Strong analytical and problem-solving skills.