Information Security Manager

ETalenthire


Job Location: Gurgaon - India

Yearly Salary: ₹ 1200000 - 2500000
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

Job Purpose: Acting in a key technical management & execution capacity to provide a conduit between IT teams and key business stakeholders in your functional area of IT Security, to ensure information technology needs are managed consistently following professional IT and global standards and delivered with a high level of quality and customer satisfaction.


Reward level: Middle Management

Job Location: Gurgaon

Experience: 10 years

Relevant Experience: 7 years

Reporting to: General Manager

Qualification: Bachelor's degree in IT


Key Deliverables:

  • Provide support as Lead Auditor towards ISMS and PIMS policies, procedures and guidelines, and perform regular review and update.
  • Perform deep assessment to gather evidence of continuous compliance with ISO 27001:2022 and ISO 27701:2019, DPDPA, IT Act and CERT-In Regulation, including audit logs, records of reviews, timely closure of open audit and risks, and sharing the report with management.
  • Conduct regular, documented information security and privacy risk assessments, identifying assets, threats, vulnerabilities, likelihood and impact with stakeholders.
  • Prioritize identified vulnerabilities, detailed findings, remediation recommendations and trending reports on vulnerability posture towards closure with stakeholders.
  • Develop and implement a comprehensive, ongoing security awareness and training program for all employees.
  • Encourage secure behaviours among colleagues and reinforce the importance of information security and privacy in daily operations.
  • Prepare regular reports on overall information security posture, GRC maturity and risk landscape for relevant stakeholders.
  • Collect lessons learned from incidents, audits and assessments to drive continuous improvement in ISMS/PIMS and security processes.

Key Relationships:

  1. Internal IT and business customers.
  2. Global IT vendor market and global (HQ) colleagues, local vendor partners.
  3. Internal staff - direct reports (where applicable).
  4. IT vendors, contractors (where applicable).

Knowledge, Skills and Abilities:

  1. Must possess and demonstrate ISO 27001 Lead Implementer/Auditor and ISO 27701 Lead Implementer/Auditor certifications and knowledge.
  2. In-depth understanding of IT Act, DPDPA, CERT-In regulations, CIS Controls, as well as UK DPA and ISO 31000.
  3. Good to have: certification in CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) and Cloud Security certifications (e.g. CCSK, CCSP, vendor-specific like AWS Security Specialty).
  4. Familiarity with common vulnerability scanning tools like Qualys (features, reporting, agent-based vs. network scans) and Cloud Security Posture Management (CSPM) tools like Wiz (cloud service provider configurations, misconfigurations, compliance checks in AWS, Azure, GCP).
  5. Understanding of various penetration testing types (e.g. network, web application, API, mobile, cloud) and methodologies.
  6. Knowledge of common attack vectors and exploitation techniques, and of frameworks like MITRE ATT&CK and D3FEND.
  7. Basic to intermediate knowledge of common security controls and technologies (e.g. firewalls, EDR, Cloud Security, VAPT tools, SIEM, WAF, DLP, encryption).
  8. Understanding of network protocols, operating systems (Windows, Linux) and common application architectures.
  9. Knowledge of audit principles and practices (internal and external audits).
  10. Understanding of corrective action planning and non-conformity management.
  11. Understanding of third-party risk management principles and vendor due diligence processes.
  12. Excellent technical writing skills for creating clear, concise and comprehensive security policies, standards and procedures.
  13. Ability to analyse complex risk data and present actionable insights.
  14. Hands-on experience with Qualys for configuring scans, analysing reports and managing vulnerabilities.
  15. Hands-on experience with Wiz CSPM for monitoring cloud environments, identifying misconfigurations and generating compliance reports.
  16. Proficiency with GRC platforms or tools for managing policies, risks and controls.
  17. Exceptional verbal and written communication skills to articulate complex security concepts to technical and non-technical stakeholders.
  18. Ability to build strong relationships and collaborate effectively with diverse teams (IT, Legal, HR, Development, Business Units).
  19. Skills in influencing behaviour and driving change across the organization to improve security posture.
  20. Strong analytical skills to diagnose security issues, identify root causes and develop effective solutions.
  21. Ability to critically evaluate security controls and identify gaps.
  22. Contract review and negotiation skills, specifically for security-related services.
  23. Ability to effectively manage vendor relationships and performance.
  24. Ability to develop and deliver engaging security training sessions and awareness campaigns.
  25. Ability to stay updated with the latest security threats, vulnerabilities, technologies and regulatory changes.
  26. Capacity to quickly learn and adapt to new tools and methodologies.
  27. Meticulous attention to detail in policy creation, audit documentation and vulnerability analysis.
  28. Ability to act calmly and effectively during security incidents and contribute to incident response efforts.


Mail updated resume with salary details:

email:

satish: 88O2749743


Required Experience:

Manager


Key Skills

  • International Development
  • EMC
  • JavaScript
  • Import & Export
  • Airlines
  • Asp.Net MVC

About Company

On behalf of eTalenthire, I am pleased to present our Recruitment Empanelment Proposal for Permanent and Contractual Hiring for IT and Non-IT staffing. We have been working since 2008, our company is committed to providing efficient and top-notch recruitment services, and we are confi ...
