Corporate Manager - Information Security-ERCG
Relevant Work-experience: 7-8 years of Information Security experience, 2 years min. information security in BFSI Insurance, preferred
Level - IL4 Upper
Certifications: OSCP, CEH, CISSP, CISA, CISM, ISO 27001:2013 LA
Job Description:
- Be responsible for setting IS Standards, Checklist, Guidelines such as:
- IS guidelines and any supporting templates;
- Standards for Technology Risk Assessments (TRA) for any process / technology change or new technology sourcing
- Manage internal / third party Ethical hacking / Vulnerability Assessment /
- Penetration Testing, Red Team assessment activities etc.
- Methodology / checklist for performing the TRA and approval matrix based on the results of the TRA BCP / DR standards including methodology for conducting Risk Assessment (RA) and Business Impact Analysis (BIA)
- Application security and Vendor risk assessment standards
- IS related trainings standards including frequency for IS related trainings for employees / contractors and the IT / IS teams
- Security testing baselines for conducting Vulnerability Assessment and Penetration Testing of IT systems (infrastructure and applications) including mandating the use of internal and external vendors based on asset classification
- Liaising with the business teams to define the roles within each application under their purview depending upon the business requirements
- Shall review the training / skill set requirements for the SOC / LAM / DLP teams
- Manage Information Security Projects/assessments etc
- Perform daily InfoSec operational activities like FnF Clearance, approvals etc.
- Conduct or participate Cyber security drill as per the requirement
- Assign detailed responsibilities and action steps to manage cyber crisis
- Identify the active risks along with the threat vectors related to cyber crisis
- Support response and investigation activities related to the cyber crisis
- Review regulatory impact and compliance obligations
- All other tasks/activities/projects etc. delegated by Chief Risk Officer (CRO) / Chief Information Security Officer (CISO)
Didn’t find the job appropriate? Report this Job