Manager/ Deputy Manager/ Assistant Manager (Information Security)

1. Mandatory Qualification:

• Engineering Graduate (IT/Computer Science), MBA (IT/Systems), or MCA from a recognized institute/university with strong knowledge of Information Security.

2. Desirable Qualification:

• Experience in implementing and maintaining GRC frameworks and ISO 27001:2022 compliance.
• Hands-on expertise in Information Security Risk Management, Cloud Security, Third-Party Risk Management, and Change Management processes.
• Proficiency in MS Excel and PowerPoint with strong written and verbal communication skills in English.
• Relevant certifications in Information Security/Cybersecurity. (e.g., CISSP, CISA, CEH, etc.)
• Practical experience with security tools like SIEM, firewalls, endpoint protection, etc.

3. Preferred Experience:

• ISMS implementation for organizations in the BFSI sector.

The employee will be responsible for ensuring the integrity, confidentiality, and availability of organizational information assets by overseeing the following:

1. ISMS Program Management:

• Lead the implementation, maintenance, and continual improvement of ISMS to ensure alignment with ISO 27001:2022 standards and CERT-In guidelines.

2. Risk Assessments and Audits:

• Conduct regular risk assessments, vulnerability scans, and audits (internal and third-party) to identify potential threats and address vulnerabilities.

3. Incident Response and Recovery:

• Develop and manage the organization's incident response and disaster recovery plans. Ensure timely resolution and minimal disruption during security incidents.

4. Policy and Compliance Management:

• Develop, update, and enforce security policies and procedures in line with ISO 27001, CICRA, and other applicable regulatory frameworks.

5. Collaboration with IT Teams:

• Work closely with IT teams to implement security measures for protecting organizational data, networks, and applications.

6. Third-Party Risk Management:

• Evaluate and manage the security posture of vendors and service providers to ensure compliance with contractual and regulatory requirements.

7. Security Awareness:

• Conduct organization-wide training and awareness programs, including phishing simulations, to enhance cybersecurity knowledge.

8. IT/IS Tools Management:

• Oversee the implementation and monitoring of tools such as SIEM, NGAV, EDR, DLP, and backup solutions.

9. Regulatory Compliance:

• Ensure adherence to CERT-In guidelines, conduct audits as per CICRA, and maintain ISO 27001 certification.

10. Documentation and Reporting:

• Prepare detailed reports for internal and external audits, risk assessments, and incident reviews. Present periodic updates to CISO and senior management.

11. Process Improvements:

• Continuously evaluate current security processes, recommend improvements, and assess new tools for better effectiveness.

12. Stakeholder Engagement:

• Ensure timely communication and coordination with business teams for approvals, testing, and compliance verification.

13. Monitoring and Testing:

• Ensure timely completion of DR drills, internal ISMS audits, and adherence to the organization's IT policies.

The role requires a proactive approach, excellent problem-solving skills, and the ability to work collaboratively across teams to ensure the organizations IT and information security objectives are met. This is an indicative job description. Any other tasks or responsibilities may be assigned by management as required.