Senior Delivery Manager - Information Se...

Job Description

Job Purpose Information security governance team member (with skip level reporting to CISO) who is proficient in information security risk assessments, understanding of regulatory requirements, drafting of ISMS and BCMS policies and procedures, monitoring Key Risk Indicators (KRIs) for information security governance across IT. Duties and Responsibilities A-Minimum required Accountabilities for this role ‚ Managing information security risk framework inline with ISO 31000 framework ‚ Discussion and follow up with risk owners to tracking risk mitigation actions. ‚ Identification of new risks across IT landscape including cloud environment, outsourced environment etc. ‚ Perform project specific risk assessment for IT projects. ‚ Perform risk assessment related to emerging technologies. ‚ Documentation and maintenance of policies and procedures as per ISMS and BCMS framework ‚ Updating policies and procedures in line with regulatory requirements ‚ Develop and monitor key risk indicators across IT environment in line with risk framework. ‚ Information security awareness among stakeholders in line with risks B-Additional Accountabilities pertaining to the role ‚ Participation in management reporting and governance committee presentations ‚ Assisting and co ordinating internal audits ‚ Prepare management reports by collecting, analyzing, and summarizing information. ‚ MOE (Measurement of Effectiveness):Collation of MOE data ‚ Perform trend analysis as compare to outcome of previous values of KRIs Key Decisions / Dimensions Identification of right contacts for get required data on time. Review the data and decide if the observations identified correct and complete. Review and decide if closure evidence shared are sufficient to close the audit observations. Decide if the policy and procedure documents need changes based on new regulations or audit outcomes. Major Challenges Handling of fast changing regulatory expectations Handling of compliance expectations in stringent timelines Handling multiple stakeholders at a time Coordination with third party consultants who assist in auditing and compliance initiatives Required Qualifications and Experience a)Qualifications Minimum qualification required is computer graduate with minimum of 4 Years of experience in information security b)Work Experience Knowledge & hands-on experience in information security risk assessments. Sound knowledge on ISMS & BCMS frameworks, regulatory guidelines related to IT and cyber for NBFCs Proficient in word, Excel, PowerPoint Experience in data analysis and report drafting. Experience in Project management. Positive attitude, Hard Worker and team player Excellent Communication and Leadership Skills Certifications like ISO 27001, CISA/CISM/CISSP would be an added advantage