Role: Information Security
Designation: Sr. Executive / Assistant Manager - Information Security & Risk
Department / Function: Internal Audit & Risk
Location: Mumbai - Malad West
Shifts: UK shifts (1 pm - 10:30 pm)
Reports To: Manager Information Security
Direct Reports: None
I) Job Purpose Summary:
- The key purpose of this role is to develop, communicate and implement a strategy to identify, mitigate and handle current and potential issues or lapses in the security of Information Technology systems and processes.
- The role involves cross-functional liaison with IT, Facilities & Properties, HR, Finance and Operations functions, and with clients, to ensure information systems security across HGS.
II) Key Responsibilities:
Information Systems Risk Assessment:
- Apply a risk-based approach to identify and report on the key security threats and exposures across all systems, policies, processes, and infrastructure including facilitation of risk assessment within key outsource providers.
- Ensure any material security risks to the business are communicated in a timely and effective manner, with appropriate recommendations for resolution.
- Facilitate information security risk assessments for all processes and monitor internal control systems to ensure that appropriate information access levels and security controls are maintained.
- Maintain effective working relationships with business management and proactively assist them in identifying and prioritizing areas of potential risk that need focus.
Setting up Risk Mitigation Processes:
- Define, document, manage and operate Information Security Management System (ISMS) policies and procedures for this relationship, based on the ISO 27001 standard and the customer's security requirements.
- Assess and approve the information security risks recorded in the risk management report.
- Work cross-functionally to establish and maintain a suite of relevant security policies, procedures and standards which reflect the needs of stakeholders, including the customer data security requirements of Vodafone and Three.
- Introduce a Security Awareness Programme at all levels across the Organisation
- Communicate with and motivate employees, contractors and consultants to change behaviours that pose potential risks to information security, and to incorporate security concerns into their decision making.
- Set up processes to improve overall compliance with the organisation's information security policies, procedures, standards and checklists.
- Support IT Operations in implementing the defined security policies to address the threats and exposures identified.
Monitoring & Compliance:
- Develop a system of audits to monitor compliance with information security policies among employees, contractors, alliances and other third parties.
- Highlight situations where monitoring may not be viable and work with the respective departments to come up with alternatives.
- Monitor changes in legislation and accreditation standards that affect information security.
- Support, advise and give guidance to internal customers on matters of information security and risk.
- Review the Incident Management and Patch Management processes.
Documentation, Incident Management & Reporting:
- End-to-end management of security incidents and breaches: work cross-functionally to secure support and commitment from stakeholders to implement recommendations and actions within the required timescales.
- Ensure documentation of audit findings, including details of causes, actions taken, tangible and non-tangible impacts of the incident, and overall effectiveness.
- Evaluate the effectiveness of the BC/DR process through stakeholder feedback.
- Incorporate key learnings from each incident and from feedback into the overall plan to ensure continuous improvement of information security.
- Responsible for MIS/reporting on established security metrics on a regular basis.
Technical Skills:
- Conduct technical risk assessments based on the ISO 27001 standard.
- Conduct network architecture and application review.
- Conduct firewall rule set reviews and hardening reviews of servers and network devices.
III) Competencies:
Functional Job-specific Skills / Knowledge:
Necessary:
- Strong understanding of information security risks and controls.
- Strong understanding of ISO 27001 and other relevant information security standards.
- Worked on Data Protection and Privacy Acts.
- Worked on VAPT projects, with hands-on experience of Nessus, Nipper and WebInspect.
- Working knowledge of project management methodology.
- Working knowledge of MS Office tools.
Preferable:
- Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and Qualification in Computer Auditing (QICA) qualifications will be an added advantage.
- PCI QSA will be a plus.
- Good knowledge of compliance, operational risk and regulations such as the DPA and PCI.
Behavioral Competencies:
Necessary:
- Self Motivation
  - Take ownership and responsibility for getting the job done.
  - Be confident, decisive and action-oriented.
- Interpersonal Skills
  - Work well with others as part of a team.
  - Share information and ideas.
  - Resolve conflicts.
- Planning & Organising
  - Be organised and systematic.
  - Be able to manage workload, and prioritise time and effort.
  - Be detail oriented.
- Managing Stress
  - Be able to work effectively under pressure to meet tight deadlines.
  - Be able to multi-task to meet multiple requirements simultaneously.
- Communication
  - Fluent in written and oral communication.
  - Articulate and confident while talking to various levels within and outside the organisation.
- Integrity
  - Do the right thing and demonstrate honesty and transparency in everything he/she does, in spite of pressure to the contrary.
Preferable:
- Influencing
  - Be able to persuade, convince, impress and influence others to get their support for a specific agenda.
  - Be able to collaborate with others/stakeholders to negotiate effectively and arrive at a win-win situation.
Business Awareness:
- Understand the Organisation and the nature of the business.
- Be aware of key leaders and decision makers in different areas of the business.
- Be aware of the key developments in different areas of the Organisation and in the Company as a whole.
- Be aware of industry trends and best practices, and how these influence the way we do our business.
Decision Making:
- Consider the pros and cons of a situation and make effective decisions.
- Consider the impact of the decision on the business, the employees and the customers.
- Make decisions confidently and in a timely manner.
- Be transparent and share the decision and its impact with the people concerned.
- Take personal responsibility for the decision and its consequences.
IV) Education Qualifications / Certification:
Necessary:
- Graduation in any IT field.
Preferable:
- Professional certification in Business Continuity Management from BCI, UK or equivalent.
V) Work Experience:
Necessary:
- Minimum 7 years' experience in Security Risk Assessment & Mitigation.
Preferable:
- Experience in a BPO / ITES business.