Job Description - Information Security Compliance Manager

Qualifications

·      BE/ B.Tech/ MSc/ MCA equivalent

·      Certifications: Lead Auditor ISO 27001 (mandatory requirement), Preferrable certifications (anyone) – CISM, CISSP, CEH, CompTia Security+

Experience – 4-6 years hands-on ISO 27001. End to end audit planning, execution, and closure of non-compliances in DC and multi-cloud environment. identifications of process gaps, tracking till closure (gaps, risks). KPIs measurement/management. Tracking of closure of Advisories/Zero-day & patch testing with deployment. Governance/compliance as per NIST/ISO 27001 controls. Testing/validation of Information security controls, hand-holding Ops and SW apps team, Records management for the auditors, Secure SDLC experience/exposure  

Roles and responsibilities

·      Responsible for performing all Security internal audits & IT risk assessment activities, tracking till closure

·      Oversee formal risk assessment and self-assessments program for various Information Services systems and processes

·      Assist in planning for information security risk management, security incident management, Change Management, and overall information security requirements as per Information Security Policies of Organization

·      Ensuring hardening of servers/controls across all deployment platforms like DC, Mult-cloud (CIS Controls for Linux, windows for servers)

·      Keeping tab on implementation of various advisories/Patches/security update across all platforms and MIS/reporting

·      Record keeping for the purpose of compliance covering all types of IT/Info security audits

·      Weekly/Monthly advisory creation and dissemination across organization to educate users. The advisories will be based on Organization’s policies & latest development in cyber security and potential impact to Organization 

·      Information security training calendar creation and delivery management across all Organization’s function and locations

·      KPI/dashboard management

·      Responsible for update of the policies, procedures related to Information Security and privacy

·      Responsible for Initiating and advocating safe practices and Industry standards

• Strong knowledge of the requirement of Computer Applications and Network security technologies and principles
• Ensuring BCP-Drill annual calendar creation across Applications landscape, its Tracking, reporting in-line with BCMS policies of Organization