Senior Manager Information Security

Job Description

Position Summary: Sr Manager Information Security Governance The Incumbent would be responsible to manage the information security governance, risk, and compliance process. Standardize GRC policies, evaluate their impacts, and implement the relevant measure. Liaise with Internal Audit, Corporate Compliance, Office of General Counsel and Risk Management to remediate new and outstanding issues; track security-related issues in the electronic GRC system. This is a global role engaging stakeholders (at all levels) across geographies like India, Philippines and US. Certifications such as CISA, CISSP, CISM, CEH, ISO27001 LA are required (The Incumbent needs to possess at least two certifications). Incumbent should be a good effective communicator. Information security team is a healthy mix of exuberance, expertise and experience. Job Functions and Responsibilities: Develop and maintain a robust threat intelligence gathering and monitoring plan. Review external threat Advisories and determine relevance to organization and design an appropriate response strategy Conduct assessment / review of IT processes and recommend action for improving IT governance maturity using reference frameworks like ISO 27001/ ITIL/others. Provide reports to senior management for review of information security risks, governance and compliance. Keep abreast with latest security and privacy regulations, advisories and alerts. Ensure compliance with organizational information security policies and procedures Is responsible to manage security incidents and policy exceptions. Regular checks of strength and efficiency of security system and provides security expertise for the business unit and function managers Conduct IT security awareness through regular publishing of monthly security updates/bulletins and trainings (e.g., brown bags) to improve IT security knowledge of users and IT staff. Provide advice and consultancy on security risks and controls. Is responsible for keeping an up-to-date map of security risks, latest security and privacy regulations, advisories. To participate to internal and external audits, and in liaison with regulatory and market bodies Analysis on qualitative and quantitative Risk Approach i.e. Risk Assessment of all assets across group along with Risk Treatment Plan. To analyze and assess security risks and their impacts, and implement the relevant measures. Coordinates compliance and auditing activities and facilitates migration of non-compliant environments to compliant environments. Is responsible to monitor and manage security-related nonconformities Key Result Areas: High Quality Content creation for Information Security Presentations for councils such as MBR, TechOps and ITRC Identification and Management of Information Security Risks Manage Infosec risks in third party engagements and drive improvements across categories of vendors Qualitative review and upkeep of InfoSec Policies and Procedures Enhance Employee awareness to make it more engaging and effective. Proactive identification of resolution of risks to maintain high InfoSec Posture ratings. Track effective set of infosec metrics and drive improvement in security posture. Participate in and Respond to InfoSec Audits, Questionnaires and Examinations Enhance Incident Management preparedness and drive InfoSec incident management. Qualifications: BE / BTech / ME / MTech / MBA with specialized Infosec certifications such as CISSP, CISA, ISO 27001 LI/LA, CISM Bachelor of Engineering or equivalent 13-15 yrs of experience in the field of Information Technology & Security audits At least nine (11) years of Information Systems & Security audit experience Extended Knowledge of IT Security. Experience in implementing IT controls within the IT governance framework and designing overall governance framework. Good Understanding of Risk and Compliance concepts and Tools Good communication and documentation skills. WORK SCHEDULE OR TRAVEL REQUIREMENTS 3 PM IST to 12 PM PST Travel - Minimal. To attend office in-person at the base location as and when required.