Cism Information Security Management Penetration Testing ISO 27001 PCI DSS Vulnerability Assessment Vapt ITES Cisa BPO
Experience
7 to 12 Years
Industry
Insurance
Functional Area
ITES / BPO / Operations / Customer Service / Telecalling
Hiring for Information Security - Assistant Manager!!
- ISO 27001 Audits
- PCI DSS Audits
- ISMS implementation
- Policy drafting
- Vulnerability assessment / Penetration testing (VAPT)
- Risk assessment
- Incident management

I) Job Purpose Summary :
The key purpose of this job role is to develop, communicate and implement a strategy to identify, mitigate and handle current and potential issues / lapses in the security of Information Technology systems and processes. This job involves cross-functional liaison with IT, Facilities & Properties, HR, Finance, Operations functions and clients to ensure Information Systems security across HGS.

II) Key Responsibilities :

Information Systems Risk Assessment
- Apply a risk-based approach to identify and report on the key security threats and exposures across all systems, policies, processes and infrastructure, including facilitation of risk assessment within key outsource providers.
- Ensure any material security risks to the business are communicated in a timely and effective manner, with appropriate recommendations for resolution.
- Facilitate information security risk assessments for all processes and monitor internal control systems to ensure that appropriate information access levels and security controls are maintained.
- Maintain effective working relationships with business management and proactively assist them in identifying and prioritizing areas of potential risk that need focus.

Setting up Risk Mitigation Processes
- Define, document, manage and operate Information Security (ISMS) policies and procedures for this relationship based on the ISO 27001 standard and customer security requirements.
- Assess and approve the Information Security risks in the risk management report.
- Facilitate and support the VAPT process and deliver the report to the customer.
- Work cross-functionally to establish and maintain a suite of relevant security policies, procedures and standards which reflect the needs of stakeholders, including the customer data security requirements of Vodafone and Three.
- Introduce a Security Awareness Programme at all levels across the Organisation.
- Communicate with and motivate employees, contractors and consultants to change behaviours that are potential risks to Information Security and to incorporate security concerns into their decision making.
- Set up processes to improve overall compliance with the organization's information security policies, procedures, standards and checklists.
- Support IT Operations in implementing the defined security policies to address the threats and exposures identified.

Monitoring & Compliance
- Develop a system of audits to monitor compliance against Information Security policies among employees, contractors, alliances and other third parties; highlight situations where monitoring may not be viable, and work with the respective departments to come up with alternatives.
- Monitor changes in legislation and accreditation standards that affect information security.
- Support, advise and give guidance to internal customers on matters of Information Security and risk.

Documentation, Incident Management & Reporting
- End-to-end management of security incidents and breaches: work cross-functionally to secure support and commitment from stakeholders to implement recommendations and actions within the required timescales.
- Ensure documentation of audit findings, including details of causes, actions taken, tangible and non-tangible impacts of the incident and overall effectiveness.
- Evaluate the effectiveness of the BC/DR process through stakeholder feedback.
- Incorporate key learnings from each incident and from feedback into the overall plan to ensure continuous improvement of Information Security.
- Responsible for MIS/reporting on established security metrics on a regular basis.

III) Competencies :

Functional / Job-specific Skills / Knowledge

Necessary
- Strong understanding of Information Security risks and controls
- Strong understanding of ISO 27001 and other relevant IS standards
- Worked on Data Protection and Privacy acts
- Working knowledge of Project Management methodology
- Working knowledge of MS Office tools

Preferable
- Certified Information Security Management Qualification (CISM), Certified Information Systems Auditor (CISA) and Qualification in Computer Auditing (QICA) qualifications will be an added advantage
- PCI 0- QAS will be a plus
- Worked on VAPT projects
- Good knowledge of Compliance, Operational Risk and regulations such as DPA, PCI, etc.

Behavioral Competencies

Necessary
Self Motivation
- Take ownership and responsibility for getting the job done.
- Be confident, decisive and action-oriented.
Interpersonal Skills
- Work well with others as part of a team
- Share information & ideas
- Resolve conflicts
Planning & Organizing
- Be organized and systematic
- Be able to manage workload, prioritize time and effort
- Be detail oriented
Managing Stress
- Be able to work effectively under pressure to meet tight deadlines.
- Be able to multi-task to meet multiple requirements simultaneously
Communication
- Fluent in written and oral communication
- Articulate and confident while talking to various levels within and outside the organization
Integrity
- Do the right thing and demonstrate honesty and transparency in everything he/she does, in spite of pressure to the contrary

Preferable
Influencing
- Be able to persuade, convince, impress and influence others to get their support for a specific agenda.
- Be able to collaborate with others/stakeholders to negotiate effectively and arrive at a win-win situation
Business Awareness
- Understand the Organisation and the nature of the business.
- Be aware of key leaders and decision makers in different areas of the business.
- Be aware of the key developments in different areas of the Organisation and in the Company as a whole.
- Be aware of industry trends and best practices, and how these influence the way we do our business
Decision Making
- Consider the pros and cons of a situation and make effective decisions.
- Consider the impact of the decision on the business, the employees and the customers.
- Make decisions confidently and in a timely manner
- Be transparent and share the decision and its impact with the concerned people
- Take personal responsibility for the decision and its consequences

IV) Education Qualifications / Certification :
Necessary
- Graduation in any IT field
Preferable
- Professional certification in Business Continuity Management from BCI, UK or equivalent

V) Work Experience :
Necessary
- Minimum 7 years' experience in Security Risk Assessment & Mitigation
Preferable
- Experience in a BPO / ITES business