Job Title/Designation: Information Security Manager
Experience: 8-12 yrs
What will you be doing?
The ISM will be responsible for protecting the organisation's technology resources and information assets by:
- This is a Non Functional test Engineer role who can design and execute the end to end Test plan for a module/component. Would participate in the tool POC, test design, execution & result analysis for the Product.
- Ensuring strategic alignment of information security in support of business objectives
- Ensuring the confidentiality, integrity and auditability of information assets
- Ensuring compliance with various standards like ISO 27001 and other applicable regulations
Duties and Responsibilities:
Incumbent will carry out the following functions:
Information Security Governance:
Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.
- Define and elaborate the information security strategy in support of the business strategy and direction
- Identify current and potential legal and regulatory issues affecting information security and assess their impact
- Establish and maintain information security policies that support business goals and objectives
Identify and manage information security risks to achieve business objectives:
- Develop a systematic, analytical and continuous risk management process
- Ensure that risk identification, analysis and mitigation activities are integrated into project and process life cycles
- Identify and analyze risks through suitable and recommended methods
Information Security Programme Management:
Design, elaborate and manage an information security programme to implement the information security governance framework.
- Establish and maintain plans to implement the information security governance framework
- Define annual information security budget
- Manage the information security budget in implementing the information security programme
Information Security Management:
Oversee and direct information security activities to execute the information security programme.
- Lead, plan, organize, assign, supervise and monitor the work of other team members wherever necessary
- Ensure that the rules of use for information systems and the administrative procedures for information systems comply with the information security policies
- Ensure that services provided by other enterprises, including outsourced providers, are consistent with established information security policies
- Response Management: Establish and manage the capability to respond to and recover from disruptive and destructive information systems events
- Design and implement processes for detecting and analysing security-related events
- Develop response and recovery plans, including organizing, training and equipping teams
- Ensure periodic testing of the response and recovery plans where appropriate
Who are we looking for?
- Preferably 8 years of relevant post-qualification experience, with at least three (3) years of demonstrated IT Security Management across IT infrastructure and IT applications
- Mixed managerial, analytical and technical skills, and knowledge of all aspects of computer security in multiple IT areas: database, development, network, operating systems, IT security, specific applications security, Cloud Security, etc.
- Good understanding of, and skill in writing, computer systems security strategies and policies
- Good knowledge of risk assessment processes
- Good understanding of current legal and regulatory requirements relating to information security and privacy – ISO17799/BS 7799, ISO 27001-2013
- Up-to-date knowledge of information security; industry certifications covering information security are an added advantage – CISSP, CISM, CISA, CCSP