Information Security Manager

Bengaluru, Karnataka, India

Exotel

Now craft connected customer conversations at scale with ease. Have intelligent, global conversations across voice, messaging, and video.


Location: Bengaluru, Karnataka, India

About Us


Exotel is the emerging market’s leading full-stack customer engagement platform and business-focused virtual telecom operator. Incorporated in 2011, Exotel’s cloud-based product suite powers 50 million daily engagements across voice, video and messaging channels. Exotel powers unified customer engagement for over 6000 companies in 60+ countries, including India, SE Asia, the Middle East, and Africa.
Today, some of the fastest-growing companies in the emerging markets (Ola, Swiggy, Flipkart, GoJek, Byju’s, Urban Company, HDFC Bank, Zomato, Oyo, etc.) manage their customer engagement with Exotel’s suite of a communication API, Ameyo’s omnichannel contact centre (merger), and Cogno AI’s conversational AI platform (acquisition) over the cloud. They’re a $100 million Series D funded company with $60 million in ARR.

 

About the Role

 

Exotel requires an experienced resource to be part of the Security Group and play an integral role in the overall development and management of ISO 27001 and other relevant certification programs such as GDPR, SOC2, and PCI-DSS at Exotel.

 

What do we look for?

 

  • Demonstrates proven expertise and success in a role leading and collaborating directly with senior management, delivery, practice development and thought leadership related to Information Security solution development, assessment and implementation.

  • Demonstrates proven expertise and success managing project work streams in a system security, controls or information security management environment.

  • Support the sales team in completing RFPs, participating in customer calls and providing end-to-end support towards onboarding of new customers.

  • Conduct ISO 27001 internal security audits and handle external certification audits/customer audits. Close reported NCs with appropriate corrective actions.

  • Conduct gap assessments with respect to the ISO 27001 standard and provide continuous improvement to the management system.

  • Conduct risk assessments for departments and support risk remediation.

  • Good knowledge of VAPT and ability to help the team in the remediation of findings.

  • Handling Incident Management, Media/Asset Management, Change Management, BCP, Patch management, Log review, and Physical & HR security-related requirements.

  • Handling other security-related projects, including but not limited to GDPR, SOC 2 and PCI-DSS, and other projects as directed by Management.

  • Prior experience in handling a small team

 

Qualifications

 

  • 8+ years of experience in information security

  • Understanding of ISO 27001, GDPR, SOC2, PCI-DSS and various other security frameworks.

  • Focused personality, with a demonstrated ability to take initiative, successfully handle and prioritize multiple competing assignments and effectively manage deadlines

  • Experience in understanding and deploying risk management frameworks

  • Should hold certifications (more than one) such as ISO 27001 LA, ISO 27001 LI, GDPR, SOC2, PCI-DSS

 

What you will do?

 

  • Security Operations: Overseeing the day-to-day security operations, including monitoring and analyzing security logs, managing security incidents, and ensuring compliance with security policies and procedures.

  • Risk Management: Assessing and managing security risks by conducting risk assessments, identifying potential vulnerabilities, and implementing risk mitigation strategies.

  • Security Architecture: Collaborating with the IT architecture team to design and implement secure IT infrastructure, systems, and applications. This includes evaluating and selecting security technologies, conducting security reviews, and ensuring the integration of security controls into the overall architecture.

  • Compliance and Audit: Ensuring compliance with ISO 27001/SOC 2/GDPR/PCI DSS, security standards, regulations, and industry best practices. This involves conducting regular security audits, coordinating with internal and external auditors, and addressing any identified security gaps or non-compliance issues.

  • Vendor Management: Evaluating and managing relationships with third-party vendors and service providers to ensure their security practices align with the organization's requirements and standards.

  • Incident Reporting and Communication: Preparing and presenting reports on security incidents, trends, and metrics to senior management and other stakeholders. This includes providing recommendations for improving security posture and addressing any identified weaknesses.

  • Continuous Improvement: Staying updated with the latest security threats, technologies, and industry trends to continuously improve the organization's security posture. This may involve participating in industry forums, attending conferences, and pursuing relevant certifications.

  • Regulatory Compliance: Knowledge of ISO   SAR-DL, IRDA, SEBI, RBI Master Guidelines, IRDA related requirements.

  • Cloud Computing: Knowledge of security controls of AWS / Microsoft Azure / GCP will be an added advantage.

  • Certification: Professional security management certification (like CISSP, CBCI, ISO 27001 Lead Auditor / Lead Implementer Certification) will be an added advantage.

 

Category: Leadership Jobs

Tags: APIs Audits AWS Azure Cloud Compliance Full stack GCP GDPR ISO 27001 IT infrastructure Monitoring PCI DSS RFPs Risk assessment Risk management Security Assessment Report SOC SOC 2 Vendor management Vulnerabilities

Perks/benefits: Conferences

Region: Asia/Pacific
Country: India
