Job Location | Gurugram |
Education | Not Mentioned |
Salary | Not Disclosed |
Industry | NBFC ( Non Banking Financial Services ) |
Functional Area | General / Other Software |
EmploymentType | Full-time |
Senior Executive/Assistant Manager - Cyber Security, Data Privacy

Job Description

Risk & Compliance role

Experience: Senior Executive 3-5 Years
Education: BE/BTech/BCA/Any Computer Science education graduation background. Post-Graduation added advantage.

Owning all ISMS and PIMS risk and compliance processes by liaising with various Support functions like Technology, HR, Finance, Legal, etc. as well as Business functions to ensure that the organization's processes, applications and infrastructure in India comply with regulatory and industry security standards like ISO 27001:2013, BS 10012:2017 and GDPR by supporting a risk driven approach to make valuable recommendations on standardization of processes and controls, and influence changes and decisions. The candidate will help drive continuous improvement of information security related processes and meet the organization's and client's security requirements. The candidate will own the process of attaining security certifications year on year, as applicable, and maintain security posture as defined by the organization's policies.

- Contribute to sustainable IT controls environment through involvement in key control activities.
- Coordinate with stakeholders at various office locations across India to ensure compliance and facilitate internal and external audits related to Information Security Management System (ISMS), Personal Information Management System (PIMS) and GDPR, like ISO 27001:2013, BS 10012:2017, etc.
- Facilitate and liaise with various stakeholders to close all audit findings within time.
- Undertake periodic compliance reviews of InfoSec and Privacy controls for applications, network and IT infrastructure of the firm, against defined policies.
- Provide periodic status reports to the management on the compliance status of the firm.
- Drive the remediation of IT control deficiencies.
- Develop recommendations and strive for continuous improvement of internal IT controls environment in the organization.
- Assist in designing and establishing new security frameworks for various operational processes.
- Assist in preparation of/changes to InfoSec and Privacy strategy and roadmap for the firm, annually.
- Responsible for keeping the ISMS and PIMS policy/procedure documents of the firm updated, after periodic review or any major changes in processes, and maintaining an up-to-date repository of documents for the Information Security team.
- Assist in implementation/enforcement of the security policy/procedures across the firm.
- Participation in information risk assessment activities across the organization, including 3rd party/vendor risk assessments.
- Drive InfoSec & Privacy awareness across the firm through trainings, awareness mailers, etc.
- Assist in automation initiatives for existing processes, wherever feasible.
- Undertake annual Business Impact Assessment (BIA) exercise with various functions for identification of critical applications and their RTO/RPO.
- Facilitate setup of new applications in Disaster Recovery (DR) site.
- Ensure and facilitate IT DR testing annually.
- Liaise with Data Backup team and ensure compliance for automated backups of end user systems and servers, and facilitate to resolve any issues.
- Review 3rd party/vendor contracts during onboarding process, from InfoSec and Privacy perspective, and recommend amendments, if required.
- Travel requirement: around 10% in a year.

- Bachelor's Degree in IT or a related field required; Master's would be a plus.
- Min. 3 years relevant experience (mandatory) of working in information/cyber security and/or data privacy field, or projects related to ISMS, PIMS and GDPR.
- In-depth knowledge (mandatory) of ISO 27001 and BS 10012 standards and control requirements.
- Experience of performing compliance assessments/gap assessments vis-à-vis IT controls.
- Prior experience of facing or being part of internal/external audits related to ISMS, PIMS or IT General Controls testing.
- CISA, CISSP, CISM, or any other certification related to ISMS and/or PIMS would be a plus.
- Knowledge of security related technologies (e.g. Identity & Access Management tools, Privileged Access Management Tools, Patch Management Tools, DLP, Antivirus, Firewalls, etc.).
- Exposure to, or at least a conceptual knowledge of, cloud environment security and VA/PT.
- Experience of dealing with all levels of management and across different teams/multiple stakeholders across regions; and managing conflicts.
- Good written & verbal communication, and presentation skills.
- Highly independent, with high ethical standards and integrity.
- Excellent interpersonal and relationship building skills.
- Working knowledge of SharePoint would be good to have.
Keyskills :
sales accounts banking mis externalaudit generalcontrols cybersecurity accessmanagement disasterrecovery iso27001 vendorcontracts identityaccessmanagement dataprivacy patchmanagement itcontrols