Job Views:  
2637
Applications:  77
Recruiter Actions:  5

Posted in

IT & Systems

Job Code

531766

Manager - Risk & Compliance - IT

5 - 10 Years. Mumbai
Posted 6 years ago

Responsibilities :

- Manage information security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management and annual performance reviews

- Develop and enhance an information security management framework based on one or more of the following ISO 27001, ISO 20000 / ITIL, National Institute of Standards and Technology (NIST), DPA, GDPR

- Comprehensive evaluation and establishment of security control assessment, including network vulnerability and cyber security, for the JLTI environment

- CAP governance and Incident Management

- Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board

- Develop, maintain and publish up-to-date information security policies, standards and guidelines.

- Oversee the approval, training, and dissemination of security policies and practices

- Work directly with business units to facilitate IS and IT risk assessment processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk

- Provide regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program

- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls

- Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings

- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation

- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action

- Work closely with related functions or programs like Privacy, Audit, Risk, BCM and coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas

- Coordinate the information security compliance efforts of all internal and outsourced functions that have one or more information security-related responsibilities, to ensure that organization-wide information security compliance efforts are consistent.

- Maintain documentation sufficiency for information security initiatives

- Plan and schedule ISMS audit activities; coordinate with stakeholders for remediation of audit findings

- Perform related duties and fulfil responsibilities as required

- Evaluate information security exception requests based on valid business

- Manage IT security incidents and assist in the root cause analysis of security incidents

- Roll out the information security risk assessment program, which includes Vulnerability Assessment, Penetration Testing, Network & Security Architecture, Application Security reviews, Endpoint Security,

- Excellent written and verbal communication skills, presentation skill, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences

- Knowledge and understanding of relevant legal and regulatory requirements, e.g. IT Act, Cyber Security Policy 2013, GDPR, DPA

Person Specifications :

Education Essential :

Graduate from a recognized institute in Information Technology / Systems / Security

Desirable :

Postgraduate/MBA in Information Security

Work Qualifications Essential :

Certified Risk Manager (CRM) or experience in dealing with a regulator (RBI, SEBI, IRDA or TRAI)

ISO certified Lead Auditor in 27001/22301

Desirable:

CISSP/CISM/CISA/CEH

Experience Essential:

- 5 - 12 years of experience in the Risk and Compliance / Information Security domain in financial services or IT/ITES, with a proven track record in service delivery

- Ability to gauge risk and compliance impact of projects

- Experience/Knowledge in Application/Network Security.

- Strong Stakeholder management skills.

Desirable:

Prior experience of working in the insurance sector

Knowledge Essential:

- Knowledge of risk management frameworks

- Knowledge of ISO standards

- Network/Application security

Desirable: SSDLC

Skills & Abilities Essential :

- Excellent communication and presentation skills

- Analytical abilities

- Highly detail-oriented with strong interpretation skills

- Strong managerial and team-building skills

- High degree of problem-solving skill to resolve problems in a multi-product/service environment

- Ability to understand business issues/customer requirements and provide solutions

call at 9891136660

