Location Name: Pune Corporate Office - Mantri
Job Purpose
Information security governance team member (with skip level reporting to CISO) who is proficient in information security risk assessments, understanding of regulatory requirements, drafting of ISMS and BCMS policies and procedures, monitoring Key Risk Indicators (KRIs) for information security governance across IT.
Duties And Responsibilities
A- Minimum required Accountabilities for this role
Experience in conducting information security audits for IT vendors.
Basic understanding of data privacy concepts and consent framework.
Managing information security risk framework inline with ISO 31000 framework
Discussion and follow up with risk owners to tracking risk mitigation actions.
Identification of new risks across IT landscape including cloud environment, outsourced environment etc.
Perform project specific risk assessment for IT projects.
Perform risk assessment related to emerging technologies.
Documentation and maintenance of policies and procedures as per ISMS and BCMS framework
Updating policies and procedures in line with regulatory requirements
Develop and monitor key risk indicators across IT environment in line with risk framework.
Information security awareness among stakeholders in line with risks
B- Additional Accountabilities Pertaining To The Role
Participation in management reporting and governance committee presentations
Assisting and co ordinating internal audits
Prepare management reports by collecting, analyzing, and summarizing information.
MOE (Measurement of Effectiveness): Collation of MOE data
Perform trend analysis as compare to outcome of previous values of KRIs
Key Decisions / Dimensions
- Identification of right contacts for get required data on time.
- Review the data and decide if the observations identified correct and complete.
- Review and decide if closure evidence shared are sufficient to close the audit observations.
- Decide if the policy and procedure documents need changes based on new regulations or audit outcomes.
Major Challenges
- Handling of fast changing regulatory expectations
- Handling of compliance expectations in stringent timelines
- Handling multiple stakeholders at a time
- Coordination with third party consultants who assist in auditing and compliance initiatives
Required Qualifications And Experience
Minimum qualification required is computer graduate with minimum of 4 Years of experience in information security
- Work Experience
- Knowledge & hands-on experience in information security risk assessments.
- Sound knowledge on ISMS & BCMS frameworks, regulatory guidelines related to IT and cyber for NBFCs
- Proficient in word, Excel, PowerPoint
- Experience in data analysis and report drafting.
- Experience in Project management.
- Positive attitude, Hard Worker and team player
- Excellent Communication and Leadership Skills
- Certifications like ISO 27001, CISA/CISM/CISSP would be an added advantage
