About the Role
• To ensure information security compliance in line with Industry best practices, statutory and regulatory requirements
KEY RESPONSIBILITIES :
• Lead the external Information Security Certification Audit
• Undertake Business Continuity and Disaster recovery Planning
• Conduct Information Security Internal audits
• Review Information security policies and suggest changes
• Undertake Information Security Incident Management
• Develop and implement Information Security User Awareness training
• Facilitate Information Security Risk Assessment
• Ensure software license compliance
• Other responsibilities
ASSOCIATED TASKS :
Lead the external Information Security Certification Audit
• Provide guidance to all scoped projects/divisions for the information security certification audits
• Design and plan information security program in line with ISO 27001 standards and security best practices
• Review, evaluate, and recommend information security requirements for information system applications (best practices).
• Coordinate security audit reviews with internal and external auditors
Undertake Business Continuity and Disaster recovery Planning
• Prepare, review, maintain and test the Business Continuity Plan (BCP)
• Create awareness & Train groups on the BCP
• Prepare BCP specific to customers’ requirements
• Document and test the Disaster Recovery Plan
Conduct Information Security Internal audits :
• Design, plan and co-ordinate Internal Information security audits
• Co-ordinate reviews of information security audits with the management
• Ensure the closure of actions arising out of the internal information security audits
Review Information security policies, procedures and suggest changes:
• Review existing policies, procedures and recommend changes
• Provide periodic reports on information security violations, vulnerabilities, and recommendations for changes to security policies, standards, and procedures
• Respond to information security requirements in requests for proposals
Undertake Information Security Incident Management :
• Design and co-ordinate procedures to report, respond to information security incidents
• Ensure closure of Information security incidents and manage risks evolving out of Information security risks
Develop & Implement Information Security User Awareness training:
• Develop, plan and promote a system-wide Security Awareness and training program
• Develop relevant training material for security awareness
• Conduct Information security awareness programs for employees
Facilitate Information Security Risk Assessment
• Facilitate projects and functions to conduct the Information Security Risk assessment
• Recommend relevant procedures/policies/technologies for mitigating identified risks
Other responsibilities :
• Ensure protection of company assets and compliance to information security policies
• Undertake additional responsibilities/tasks as may be required by the business
LINKAGES :
INTERNAL
• Projects
• Corporate functions – PxD, F&L, Recruitment
EXTERNAL
• Prospects
• Customers
REPORTEES :
• Information Security Officers
ROLE SPECIFICATION
QUALIFICATION :
• B.E.
EXPERIENCE :
• 10+ Years
SPECIFIC EXPERIENCE / EXPOSURE :
• Well conversant with all security standards and trends, Network / Security concepts
• Exposure to designing and planning Disaster Recovery and implementing security audits
• Knowledge about various security standards / Regulations – ISO 27001, Indian IT Act, GDPR, SSAE 18, HIPAA, etc.
• Certifications: CISM/CISA, CISSP