Neeyamo
Information Security Manager
Job Location
Pune, India
Job Description
About the job:

Job Role: Information Security Manager

Job Details:

The Information Security Manager reports to the CISO and will be one of the key roles managing the Company's digital realm. The Manager's job is to ensure that the Company's information and data remain secure from cyber threats and that all compliances are in place. The Infosec Manager needs a keen understanding of technology, security tools, team management, and the handling of various audits, external auditors, and client audits, along with excellent collaboration and communication skills to convey the importance of security to everyone in the company.

Job Description:

Information Security Responsibilities:

- Performing QMG audits based on ISO 27001, ISO 9001, SOC, GDPR, etc. for the Payroll and BGV Department
- Ensuring that an Information Security and Quality system is established, implemented, maintained, and improved in accordance with the international standards
- Analysis of Customer Complaints and Incidents, RCA closure
- Preparing audit schedules, conducting internal audits, preparing / reviewing audit reports, writing / reviewing nonconformity reports
- Risk assessments and internal audits as per ISO 27001, CSA, ISO 27017, ISO 27018, GDPR, etc. on Information Security
- Data Privacy Audits and Process Improvements
- Involvement in client audits and external audits at org level
- Reviewing function-wise security / privacy / data protection incident reports and recommending CAPA
- Reporting on the performance of the Information Security and Quality system to the Function Head for review and as a basis for improvement of the ISMS and QMS system
- Communicating to the CISO on Quality issues / Non-conformities and Audit reports
- Measuring effectiveness, monitoring process performance, and initiating necessary corrective and preventive action
- Reviewing all the functions from time to time to check the effective implementation of the Quality Management system
- Monitor the performance of Auditors and Facilitators
- Resolution of Customer Complaints and improvement of CSAT
- Training and awareness on Info Sec policies at department level
- Make sure information security policies, standards, guidelines, and best practices are implemented across the company
- Ensure compliance with relevant laws, regulations, and contractual obligations related to information security and required for the Organization
- Closely work with Cloud and Infra team for remediation of
- Manage the vulnerability management program and ensure that the security posture of the company's assets is continuously monitored and improved
- Collaborate with other technology leaders and business stakeholders to ensure that security is integrated into the design, development, and delivery of technology solutions and services
- Evaluate and recommend security technologies, tools, and vendors that meet the company's needs and requirements
- Stay abreast of the latest security trends, threats, and best practices and provide thought leadership and guidance to the organization

Manager Responsibilities:

- Manage security governance, risk, and compliance (GRC) program and provide regular reporting to CISO and Function heads the board of directors
- Develop and implement a security awareness and education program that fosters a culture of security
- Manage and mentor a team of security professionals and foster a collaborative and high-performance environment

Qualifications:

- Seasoned professional in Information Security
- Minimum of 4-5 years of progressive experience in information security, with at least 2 years in a manager / lead role
- Bachelor's / master's degree in CS / ET / IT / ETX, information systems, cyber security, or related field
- Relevant certifications (ISO 27001, CISM, CISA, CRISC, data privacy) are preferred
- Demonstrated experience in developing and executing a comprehensive information security strategy and program for a large and complex organization
- In-depth knowledge of information security frameworks, standards, methodologies, and best practices (e.g., NIST, ISO, COBIT, SANS, OWASP)
- Knowledge of industry-relevant frameworks and locally applicable cyber security and data privacy regulations
- Deep and thorough understanding of security technologies, architectures, and solutions across various domains (e.g., network, endpoint, cloud, mobile, web, application, identity, access, encryption, etc.)
- Proven ability to manage security incidents, conduct root cause analysis, and implement corrective and preventive actions
- Excellent communication, presentation, and interpersonal skills, with the ability to communicate complex security concepts and issues to technical and non-technical audiences
- Proven and effective leadership skills, with the ability to build and manage a high-performing team
- Ability to build and maintain relationships with vendors and partners within all levels of the organization
- Excellent analytical and problem-solving skills
- Keen business acumen and understanding of business operations
- Ability to work in a fast-paced, dynamic environment
- Willingness to know and work on global standards and frameworks

(ref:hirist.tech)
Location: Pune, IN
Posted Date: 10/13/2024
Contact Information
Contact: Human Resources Neeyamo