Associate Process Manager

Pune, Maharashtra, India


Internal Mapping

Vertical: Shared Services
Program: IIS
Process: ISG (Information Security Group)
Role: Process Manager
Level: Process Manager
Reporting Manager: APGM (Associate Program Manager)
Location: Chandigarh
Team Size:

Candidate Profile

 

 

Work Experience

Minimum Exp: 1 year
Maximum Exp: 5 years
Min. Relevant Exp: -

 

Other Comments

  • Relevant experience in implementing Information Security policies and managing audit and compliance on a timely basis.
  • Skill set: Internal Audit, Information Security audit, ISO 27001, SSAE 18, PCI DSS, Incident management, Risk assessment, Cyber Security

 

 

Skills / Experience Required

 

 

 

 

Must have

  • Graduate or B.Tech / B.E / M.Tech / MCA / PG Diploma in Computer Science / Electronics / Telecommunication / Other engineering streams
  • Experience managing a team
  • Worked in IS/IT Risk Management
  • Knowledge of technical domains such as network security, application security, security control evaluation, legal and compliance, data privacy, environmental security, cryptography.
  • Strong auditing skills with grip on vendor risk assessment, internal audits, compliance audits
  • Certifications: any one of CISA/CISM/CRISC/ISO 27001:2013 LA.
  • Understanding of IT Infra and Technologies
  • Audit, client compliance and governance
  • Problem solving skills and pragmatic approach towards work
  • Practical knowledge on implementation of Information Security framework and controls
  • Experience in drafting Information security policies, preparing Audit plan, checklists & reports
  • Proficient in MS office applications
Good to have
  • PCI DSS, Risk assessment, Risk management
  • Knowledge on data privacy laws/ regulations like GDPR, CCPA, etc.
  • Knowledge about IS/IT Governance
  • Knowledge about Business Continuity Management
  • Knowledge about SIEM technology, Cyber Security & VAPT

 

 

 

Key Competencies

 

Technology -1

Having exposure and good understanding of:

  • Information Security Standards - ISO 27001, PCI DSS, SSAE 18, ISO 22301
  • Information Security Audits of IT Infrastructure
  • Data privacy laws/regulations – GDPR, CCPA, EU Act, IT ACT
  • ITGC

 

Technology -2

Exposure to any of the following core technology platforms –

  • Security Operation Command Centre
  • SIEM, DLP, EDR, Cyber security
  • CISA, CISM, CRISC
People
  • Good written and verbal communication skills
  • Good analytical and logical reasoning skills
  • Client relationship management and expectations management
  • Ability to work well in teams and independently as per work requirement
  • Self-motivated to carry out research, learn newer technologies, identify demand gaps in the market and identify possible solutions
  • Drive a culture of innovation, continuous improvement, skill development and excellence in various technology and business processes.
Roles & Responsibilities (Job Responsibilities)
  • Responsible for the Implementation, execution and monitoring of Internal audits, Risk Management, Client audits & compliances, IT Governance audits, Vendor audits, Information security incident management and Information security training and awareness in the organization
  • Represent organization during External/Client audits
  • Provide guidance and global perspective to the development and annual updating of information security policies, standards, baselines, and procedures and align them with ISO 27001 standards, security / data privacy regulation and best practices followed in the industry
  • Responsible for developing the internal audit plan for the year and for monitoring and tracking the identified gaps until closure
  • Preparing audit checklist and audit report
  • Performing risk assessments of functions, processes, infrastructure, and facilities, which includes identifying threats, vulnerabilities, and compensating controls, developing a risk profile for the assessed environment, and developing a risk reduction plan for the environment
  • Understand client compliance requirements affecting and required for information security, ensure related compliance requirements are being met and provide compliance reporting artifacts in support of regulatory exams
  • Proofreading the client MSA, extracting information security requirements from it and communicating them to the relevant stakeholders for the commissioning of business set-up
  • Scrubbing the MSA to identify the auditable areas and to prepare an audit checklist from it
  • Continuous monitoring of client compliance by conducting various internal audit and governance activities, giving guidance and forming checklists for the team to carry out these activities
  • Conducting the vendor audits
  • Conducting orientation & training programs, presenting information security awareness to new joiners and taking refresher training for the existing employees to meet organization security posture

  • Promote awareness in the organization through mailers, screensavers, putting up posters, conducting quizzes, etc.
  • Identifying and driving new Information Security projects that help in improving information security posture in the organization
Category: Leadership Jobs

Tags: Application security Audits CCPA CISA CISM Compliance Computer Science CRISC Cryptography EDR GDPR Governance ISO 22301 ISO 27001 IT infrastructure Monitoring Network security PCI DSS Privacy Risk assessment Risk management SIEM Vulnerabilities

Region: Asia/Pacific
Country: India
