Infosec Manager
n: Bangalore
Job Summary
Our client, an internationally active provider of IT and back-office services and catering to the BFSI industry is currently on the lookout for an Infosec Manager for immediate placement in Bangalore.
We are seeking experienced senior information and cyber security risk specialists to deliver a range of activities associated with the discharging of Infosec line responsibilities. This role will support the newly created governance and risk function within the IT Org and play a direct active part in the oversight of effective information and cyber security governance and risk management across the company. These roles will have considerable engagement with all business units, risk committees, and other stakeholders across the Company. Successful candidates will be expected to lead and deliver a range of complex activities in the following fields:
Policy Management
- Lead the creation of new information and cyber security policy content and Review/Maintain existing policy documentation for the company
- Provide support and clarity to customers and users of the information and cyber security policy framework answering related questions and challenges as they arise
- Lead the allocation of and coordinate the timely completion and maintenance of policy documentation where this is delegated to others
- Lead the effective publication of policy materials and documents
Risk Management
- Lead the creation of a risk definition for information and cyber security for the company
- Lead the creation of a risk appetite and all associated reporting metrics
- Maintain the Risk Type Framework for information and cyber security and lead the coordination of delivery of all required controls from that document
- Lead the coordination and collation of risk landscape documents and associated matrices from all reporting business areas
- Perform trend analysis as risk landscape documents highlighting thematic issues and anomalies for management attention
- Oversee and coordinate risk mitigation plans calling out where these are ineffective or insufficiently followed
Governance
- Lead the production of materials for all governance meetings relating to information and cyber security for the company
- Ensure consistency of reporting and production of high quality documentation and materials
- Lead the effective operation of governance forums to oversee information and cyber security risk at the company
- Lead the construction and completion of attestations from across the business on information and cyber security risk management and policy embedding
Management Information Production
- Accountable for Information Security governance initiatives
- Required to provide direction to core IT/ InfoSec governance activities as defined
- Responsible for formalizing policy, standards, procedures in agreement with stakeholders
- Responsible for monitoring of periodic IT compliance parameters
- Internal consultant for IT domain leads, administrators for security infrastructure and assisting them to implement security devices configuration controls for firewalls, Internet connectivity, Proxies, IPS and router etc.
- Strong knowledge in Project Management, IT Security Architecture Design
- Assist in Implementation of Information Security governance framework as per strategic requirements across organization
- Accountable for Business Continuity Management
- Guide IT Security team on implementing policies, rules on various devices.
- Involve in Internal/ External audits for InfoSec areas
Job Requirements
- You must have strong experience in Information Security Management systems, Policy & procedures creation & implementation
- ISO 27001 assessment
- You must have strong experience of Information Security Risk Management, Security Assessment, defense in depth and offensive vs defensive techniques
- You must have experience on Vulnerability Management, Incident Management, Threat intelligence and Analytics
- You must have experience of Cybersecurity Framework implementation, tools & technologies
- You must have knowledge of Cybersecurity tools like Data Leakage Prevention (DLP), SIEM, Identity & Access management and Encryption
- You must have strong understanding of Network Security technologies like Firewall, IDS/IPS, and SSL VPN etc.
- Excellent communication skills (written & verbal) are mandatory