Job Description
Senior Manager - Information Security
Experience: 12+ years
Location: Chennai
Candidate Profile:
Should have in-depth understanding of ISO 27001:2013, ISO 27001:2022, GDPR, DPDP Act, and other equivalent standards and Information Security Management System (ISMS) implementation for the organization.
Should be well versed with firewalls, proxies, SIEM, antivirus, and IDPS concepts. Should have decent understanding of Application Security.
Should know Cloud Security best practices and assessment (crypto specifics HSM & Vaults).
Should have strong understanding of NIS2, MITRE ATT&CK Framework, OWASP Standards, etc.
Should be able to:
- Formulate new and evolve existing policies with respect to changing technologies and business dynamics
- Understand business needs and risks assessment, in order to ensure appropriate security controls
- Perform effective ISMS audits on IT Projects, internal systems and third-party audits, w.r.t., ISO 27001:2022, NIS2, MITRE ATT&CK Framework, OWASP Standards as required in order to maintain compliance and certifications
- Coordinate the information security compliance initiatives across the organization
- Work with organizational Functions/Delivery accounts to ensure employees are aware of information security issues, are trained in information and data security best practices, and are practicing safe/secure data collection, data transfers and storage, and use of social media, mobile devices, and apps, among others
- Work with Support functions in managing and improvising the information security management system, by monitoring internal systems to ensure that appropriate controls are maintained
- Track, report and escalate violations of information security policy
- Investigate Information Security incidents and data breaches, and implement additional controls as and when necessary
- Building awareness and competences in the area of Information Security and Data Protection for new and existing employees
- Strong understanding of privacy regulations such as GDPR, Draft India Data Protection Bill and privacy frameworks
- Should have experience in at least 3 end to end privacy assessment & implementation projects (GDPR, DPDP, other country specific regulations)
- Interview client stakeholders and develop project artifacts such as Privacy Impact analysis, data flow diagrams & identify gaps
- Experience in implementation and use of privacy enhancing technologies and design of data privacy framework.
Qualifications
B. Tech., Science Graduate
Additional Information
At our organization, we are committed to fighting against all forms of discrimination. We foster a work environment that is inclusive and respectful of all differences.
All of our positions are open to people with disabilities.
