JOB DESCRIPTION
POSITION NAME
Information Security Manager
DEPARTMENT
Information Security
REPORTING POSITION
CISO
OBJECTIVE OF THE ROLE
To manage the Information Security Governance, Risk and Compliance Management Program to ensure compliance with Regulatory Requirements
Proactively identifying & providing InfoSec Risks for new Business Requests
Effectively drive and govern the Information & Cyber Security Program to monitor continuous improvements
KEY RESPONSIBILITIES
Definition and Revision of Information and Cyber Security Policies, Processes, Standards & Guidelines
Building & Maintaining Risk Management Program
Managing Vendor Risk Management Program
Building and Governance of Information and Cyber Security Assurance Program
Managing Internal & External Audits and compliance activities
Handling user requests to proactively identify and provide InfoSec requirements at the initial stage of activity / project (e.g. vendor engagements, confidential data requests, risk assessment etc.)
Management of Exception Handling Process
Guide stakeholders for remediation of Information Security observations
Definition of SOPs / Manuals for Information Security activities
Identify new initiatives, security controls (technical / procedural) improvement areas in InfoSec Program
Conduct POCs for new Security Solutions, implementation of new Security Practices / Processes / Controls across organization
Ensure compliance with Information Security Policies & Processes
Ensure Team is always audit / compliance ready
Development & Implementation of User Awareness Program
Supporting CISO to conduct Information Security Committee Meetings
Work as a Subject Matter Expert for CISO
Manage outsourced resources & develop skilled team resources
Adequate knowledge of VAPT, application security and other security testing
INTERACTIONS
Internal Relations:
IT, Legal & Compliance, PARM, Business Teams, Internal Auditors
External Relations:
Information Security Service Providers / Vendors
IT / Business Team Vendors
Auditors
REQUIRED QUALIFICATION AND SKILLS
Educational Qualifications:
B.E. / B. Tech
Work Experience:
4 to 8 Years of relevant experience in Information Security Activities
Certifications:
CCNA, MCSA, CEH, ISO27001, CISM, CISA, CISSP, etc. (Good to have)
Other skill set:
Should have good technical knowledge of various platforms / technologies and security controls
Experience of successfully managing and delivering IT risk and controls assessments
Should have technical, analytical and problem-solving skills in order to assess requirements, identify potential risks and mitigating security controls, and document residual risk
Should have good Governance Skills
Should have good knowledge of ISO27001, IRDA, IT Act, Data Privacy Law & other regulatory requirements
Experience in implementing regulatory / compliance / policy requirements and ensuring compliance
Experience in conducting classroom user awareness sessions
Managing the assigned resources with effective delegation
Should have Team and Vendor Management Experience
Should have good communication skills to clearly communicate requirements to technical and non-technical stakeholders from across the business and all levels of seniority