Information Security lead(security controls, risk assessment , Governance)- Manager/Sr. Manager
1 Nos.
43065
Full Time
10.0 Year(s) To 12.0 Year(s)
25.00 LPA TO 25.00 LPA
IT Infrastructure & IT Security / Support
Legal/Law
B.Tech/B.E. - Computers; MCA - Computers
Job Description:
Job Title: Infosec Lead
Department: IT
Level/Designation Manager/Sr. Manager
Position Type: Full Time
Job Overview
This role is responsible for implementing processes such as GRC to automate and continuously monitor the information security controls, risks, etc. Evaluates the firm to ensure compliance with security standards and
relevance with industry security norms.
ROLE AND RESPONSIBILITIES
- Provide a bullet point list of the responsibilities and duties of this job.
- Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns with business objectives.
- Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting
- metrics, dashboards, and evidence artifacts.
- Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves firm’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Defines and documents business process responsibilities and ownership of the controls in GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
- Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting personal and client data assets.
- Performs and investigates internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
- Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
- Assists other staff in the management and oversight of security program functions.
- Trains, guides, and acts as a resource on security assessment functions to other departments within the firm.
- Remains current on best practices and technological advancements and acts as the firm’s resource for security assessment and regulatory compliance.
QUALIFICATIONS AND EDUCATION REQUIREMENTS
Provide a bullet point list of the qualifications that are necessary for someone at this position.
• EDUCATION LEVEL
BE/ Btech / MCA/ Graduation in computer science or similar stream
• EXPERIENCE
BE/ Btech / MCA/ Graduation in computer science or similar stream
• EXPERIENCE
10-12 years relevant experience
? Knowledge of –
1. Applicable information security certification, management, governance, and compliance principles, practices, laws, rules, and regulations
2. Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols
3. Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration
4. Information systems auditing, monitoring, controlling, and assessment process
5. Risk assessment, Incident response and management methodology.
• SPECIFIC SKILLS-
Developing and implementing enterprise governance, risk, and compliance strategy and solutions
Researching and locating information related to internal and external organizations using online and other sources
Security project management and planning while maintaining confidentiality
Working with diverse academic and cultural ethnic backgrounds of retainer, staff, consultant, third party providers
• PERSONAL CHARACTERISTICS-
Work independently and prioritize multiple tasks and adapt to needed changes
Effectively communicate technical issues to diverse audiences, both in writing and verbally
Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process
Evaluate and update and/or revise program materials. Handle sensitive and confidential matters, situations, and data. Understand and follow broad and complex instructions
Interact positively with users, firm management, vendor, and regulatory agencies in order to enhance effectiveness and to promote quality service
Comprehend technical language and to confer, analyze and write in an objective, lucid manner.
Remain calm under high pressure/difficult situations.
• CERTIFICATIONS
CISA, CISM, ISO 27001 certification, desired • LICENSES
None
Company Profile
One of the best corporate law firms in India, provides top commercial legal advice and services. Founded in 2000, it has become one of India's, It is a law firm based in India. It has over 300 lawyers across four offices in Bangalore, Mumbai, New Delhi and Gurgaon.
Apply Now
- Interested candidates are requested to apply for this job.
- Recruiters will evaluate your candidature and will get in touch with you.