Job Description

Job Title: Information Security Location: Mumbai, India Experience: 7 \xe2\x80\x93 12 years Notice Period: Immediate to 30 days (IF SERVING)
Our customer is leading financial/investment institutions, commercial banks.
Overview: As integral part of core IT team, responsible for: Information security management; Operational risk management; Information Security Governance; IT Vendor Risk management; IT Risk, audits & quality assurance; ISO 27001 and manage Information Security Technology solutions and contribute to enhance the security posture of the company.
Experience & Qualifications:

• 8 to 12 years in Information Security/ Cyber Security role.
• BE/BTech/MCA/Post-Graduate, Certification \xe2\x80\x93 ISO 27001 LA, Good to have: - CISA/CISSP/CISM

• Interact regularly with internal and external stake holders; drive and oversee development and implementation of risk assessment framework & InfoSec maturity enhancement across organization
• Knowledge of emerging Information Security and Cyber risks; controls and risk mitigation; conducting information security awareness program
• Drive and own Information Security Governance, Risk and Compliance initiatives. Implement and manage Information Security technology solutions.
• Developing a Security-First approach for the Application development team and drive the InfoSec framework within the application development framework.
• Conducting vendor risk audit, Information Security assessment and being part of various audits conducted by clients, regulators etc.
• Managing Information Security Projects: requirement gathering, coordination, Creation and maintenance of Project Plan, Project documentation, Implementation effective knowledge transfer.
• Having good communication and presentation skills.
• Ability to multitask and work well under pressure

• Develop and own information security framework, policies, procedure and SOPs
• Ensure information security compliance across the organization; conduct third-party vendor audit, InfoSec assessment, work as an auditee for clients and audits by regulators
• Incident identification, response and remediation; to work with managed SOC vendor.
• Ensure information security awareness across the organization; enhance overall security posture for organization; conduct mock drills etc.
• Experience/Knowledge in Infrastructure, network security, application & mobile security, malware analysis.
• Manage and maintain information security technology controls e.g- End-point security, EDR/XDR, ZTNA, WAF, WaaS, Firewall & IPS,
• Experience in threat management, vulnerability Assessment /Penetration testing Tools
• Ensure information security Risk assessment and risk mitigation
• Developing & execute cyber strategy roadmap, Be the Analyst-in-Chief for assessing any information security situation.

• VA/PT, Endpoint Security, Network Security, WAF, SOC, SIEM, ZTNA, SOAR ISMS, ITGC, Risk Management.
• Incident detection, response and remediation
• Information security Governance, Risk and Compliance; Document (Policy, Procedure, SOP) writing skills
• Skills on providing Information Security training
• Conducting InfoSec assessment, vendor risk audit and attending audits
• Experience on various IT service management standards such as ITIL and IS management standards like NIST, ISO 27001, ISO31000 and ISO22301