Owning all ISMS and PIMS risk and compliance processes by liaising with Support functions such as Technology, HR, Finance and Legal, as well as with Business functions, to ensure that the organisation's processes, applications, and infrastructure comply with regulatory and industry security standards such as ISO 27001:2013, BS 10012:2017 and GDPR. This is done by supporting a risk-driven approach, making valuable recommendations on the standardisation of processes and controls, and influencing changes and decisions. The candidate will help achieve ISO 27001 and 27701 certification, drive continuous improvement of information security-related processes, and meet the organisation's security requirements.
- Contribute to a sustainable IT controls environment through involvement in key control activities.
- Coordinate with stakeholders at various office locations across India to ensure compliance, and facilitate internal and external audits related to the Information Security Management System (ISMS), Personal Information Management System (PIMS), GDPR, and standards such as ISO 27001:2013.
- Facilitate and liaise with various stakeholders to close all audit findings within the timeframe.
- Undertake periodic compliance reviews of InfoSec and Privacy controls for applications, network, and IT infrastructure of the organization, against defined policies.
- Provide periodic status reports to the management on the compliance status of the firm.
- Drive the remediation of IT control deficiencies.
- Assist in designing and establishing new security frameworks for various operational processes.
- Responsible for keeping the firm's ISMS and PIMS policy/procedure documents up to date after periodic reviews or any major changes in processes, and for maintaining an up-to-date document repository for the Information Security team.
- Drive InfoSec & Privacy awareness across the firm through training, awareness mailers, etc.
- Undertake Business Impact Assessment (BIA) exercises with various functions to identify critical applications and their RTO/RPO.
- Identify cybersecurity gaps in the infrastructure and identify tools to mitigate them.
- Drive the deployment and management of security tools such as email security, endpoint DLP, VAPT, etc.
- Any other duties commensurate with the role.
- Should be a self-starter.
EXPERTISE AND QUALIFICATIONS:
- In-depth knowledge (mandatory) of ISO 27001 and 27701 standards and control requirements (Lead Implementer).
- Minimum 3 years of relevant experience (mandatory) working in the information security and/or data privacy field, or on projects related to ISMS, PIMS, and GDPR.
- Understanding of ISO 22301 & ITIL (desirable).
- Experience in performing compliance assessments/gap assessments vis-à-vis IT controls.
- Exposure to, or at least a conceptual knowledge of, cloud environment security and VA/PT.
- Experience in dealing with all levels of management and across different teams/multiple stakeholders, and in managing conflicts.
- Understanding of cybersecurity and tools associated with it.
- Good written & verbal communication, and presentation skills.
- Highly independent, with high ethical standards and integrity.
- Excellent interpersonal and relationship-building skills.
- Bachelor’s Degree in IT or a related field is required; a Master’s would be a plus.