3 Isms Implementation Jobs

Role & responsibilities As a Cybersecurity GRC Specialist, this role plays a pivotal part in safeguarding the organization's information assets through comprehensive governance, risk management, and compliance initiatives. The focus is on ensuring adherence to regulatory requirements, industry standards, and cybersecurity best practices while supporting the design and documentation of cybersecurity control frameworks. Responsibilities include managing risk, evaluating third-party security postures, and ensuring that digital payment systems comply with relevant standards such as NIST, ISO27001, and ITGC. A strong understanding of cybersecurity frameworks and a proactive approach to aligning with global regulatory frameworks, industry best practices, and organizational goals is required to provide robust protection against cyber threats. Key Responsibilities Develop, implement, and manage a comprehensive risk management program to identify, assess, and mitigate cybersecurity risks across IT systems and processes. Continuously monitor the risk landscape, ensuring effective implementation and maintenance of mitigation strategies, while reporting on compliance with relevant laws, regulations, and industry standards. Lead audits and assessments to verify cybersecurity compliance, providing remediation guidance for identified gaps, and staying up to date with regulatory changes. Implement and maintain cybersecurity controls and frameworks, including NIST CSF, NIST 800-53, ISO/IEC 27001, and IT General Controls (ITGCs), ensuring alignment with industry standards and organizational needs. Manage the organizations ISO/IEC 27001 certification process, including the development and maintenance of an Information Security Management System (ISMS), conducting internal audits, gap analyses, and preparing for external audits. Develop and manage a third-party risk management program, including due diligence, risk assessments, and collaboration with other departments to ensure vendors meet cybersecurity requirements and contracts include appropriate clauses. Oversee digital payment system security, ensuring compliance with industry standards like PCIDSS, and collaborate with service providers and internal teams to protect against cybersecurity threats. Design, document, and regularly update a cybersecurity control framework that complies with relevant industry standards and regulatory requirements (e.g., NIST, ISO/IEC 27001, CIS, PCI DSS, RBI, SEBI, IRDA, DPDPA, GDPR, DORA). Conduct workshops with senior stakeholders to appraise them of cybersecurity frameworks and control requirements, ensuring continuous improvement of the organization’s cybersecurity posture. Qualifications Preferred candidate profile Desired qualifications Bachelors degree in information technology, Computer Science, or a related field (or equivalent experience). 3- 7 years of experience in information security, cyber security compliance, risk assessment or a similar role Good understanding of IT control frameworks (PCI DSS, NIST, COBIT, ITIL, CSF, ISO 27001, ITIL, COSO etc.) Good understanding and Indian and global cyber security regulations Strong analytical and problem-solving skills. Excellent communication and documentation skills. Ability to work independently and as part of a team. Experience with risk management, compliance, and audit processes

As a professional in IT Risk, Compliance, and security, you will play a crucial role in ensuring the security and integrity of core IT projects. Your responsibilities will include assessing audit findings and control weaknesses, collaborating with stakeholders to develop management action plans, and implementing security classification, change controls, and SDLC. Your expertise in industry frameworks such as ISO standards, GDPR, NIST, and PCI DSS will be essential in identifying and mitigating cyber security risks. In addition to your technical skills, you will also utilize your project management experience to plan and execute multiple IT Risk, Compliance, and security operations. You will contribute to the planning of SOX programs, conduct follow-ups on security control implementations, and develop project plans and resource plans to meet client needs. Your ability to communicate effectively and provide regular project updates to clients and leaders will be crucial in ensuring the success of GRC and Security engagements. Your primary skills in Governance, Risk and Compliance (GRC), Security Frameworks, and ISMS Implementation will be instrumental in driving the security initiatives forward. Additionally, possessing certifications such as CISA, CISM, CRISC, or CISSP will further enhance your expertise in the field. Joining Capgemini will provide you with the opportunity to work alongside a collaborative community of colleagues from around the world and contribute to building a more sustainable and inclusive world through technology. Capgemini is a global leader in business and technology transformation, with a strong legacy of over 55 years. As part of a diverse team of 340,000 members in more than 50 countries, you will have the chance to make a tangible impact on enterprises and society. Leveraging your skills in IT Risk, Compliance, and security, you will help unlock the value of technology for clients and address their business needs with innovative solutions. If you are passionate about technology and seeking to shape your career in a dynamic and supportive environment, we invite you to join us at Capgemini.,

Job Description: Strategic Leadership: Develop and execute the organization's cybersecurity and information management strategy, aligning it with business objectives and industry best practices. Collaborate with executive leadership to integrate security into all aspects of the company's operations and decision-making processes. Risk Management: Identify, assess, and prioritize cybersecurity risks and vulnerabilities, taking proactive measures to mitigate and manage them effectively. Establish a robust incident response plan and lead the response efforts in the event of a security breach. Security Governance: Oversee the development and implementation of information security policies, standards, and procedures. Ensure compliance with relevant regulatory requirements and industry standards (e.g., SEBI, RBI, DPDP, ISO 27001). Representation in various Committee and forums as required. Security Awareness and Training: Promote a strong cybersecurity culture across the organization through training, awareness campaigns, and ongoing education. Foster a sense of shared responsibility for security among employees and contractors. Security Architecture and Technology: Evaluate, recommend, and implement cutting-edge security technologies, tools, and practices. Oversee the design and maintenance of a secure and scalable IT infrastructure. Security Monitoring (SOC 24*7) and Incident Response: Implement continuous monitoring systems to detect and respond to security threats in real-time. Lead investigations into security incidents, documenting findings, and implementing remediation actions. Vendor and Third-Party Risk Management: Assess the security posture of third-party vendors and partners, ensuring they meet the company's security standards. Establish and maintain relationships with external security organizations and industry peers. Application Security and VAPT Budget and Resource Management Role and Responsibilities : Chief Information Security role comprehends the experience in ISMS implementation & audit management to strategize, improve and streamline information security governance within the organization. The role will be responsible for developing, implementing, and monitoring a strategic, comprehensive enterprise information security management program and protect the organization from cyber security and data breaches. Core Competencies : Technical & Functional Expertise Business & Commercial Acumen Market Intelligence Execution Excellence Strategic Orientation Decision Making Preferred Skills: Deep knowledge of cybersecurity technologies, risk management, and compliance requirements. Excellent Spoken & Written Communication. Analytical Ability. Stakeholder management.