Job Description

JOB DESCRIPTION

POSITION NAME

Information Security Manager

DEPARTMENT

Information Security

REPORTING POSITION

CISO

OBJECTIVE OF THE ROLE

To manage Information Security Governance, Risk and Compliance Management Program to ensure

\xc2\xb7 Compliance with Regulatory Requirements

\xc2\xb7 Pro-actively identifying & providing InfoSec Risks for new Business Requests

\xc2\xb7 Effective drive and govern Information & Cyber Security Program to monitor continuous improvements

KEY RESPONSIBILITIES

\xc2\xb7 Definition and Revision of Information and Cyber Security Policies, Processes, Standards & Guidelines

\xc2\xb7 Building & Maintaining Risk Management Program

\xc2\xb7 Managing Vendor Risk Management Program

\xc2\xb7 Building and Governance of Information and Cyber Security Assurance Program

\xc2\xb7 Managing Internal & External Audits and compliance activities

\xc2\xb7 Handling user requests to proactively identify and provide InfoSec requirements at the initial stage of activity / project (e.g. vendor engagements, confidential data requests, risk assessment etc.)

\xc2\xb7 Management of Exception Handling Process

\xc2\xb7 Guide stakeholders for remediation of Information Security observations

\xc2\xb7 Definition SOPs / Manuals for Information Security activities

\xc2\xb7 Identify new initiatives, security controls (technical / procedural) improvement areas in InfoSec Program

\xc2\xb7 Conduct POCs for new Security Solutions, implementation of new Security Practices / Processes / Controls across organization

\xc2\xb7 Ensure compliance with Information Security Policies & Processes

\xc2\xb7 Ensure Team is always audit / compliance ready

\xc2\xb7 Development & Implementation of User Awareness Program

\xc2\xb7 Supporting CISO to conduct Information Security Committee Meetings

\xc2\xb7 Work as a Subject Matter Expert for CISO

\xc2\xb7 Manage Outsource resources & developing skilled team resources Adequate knowledge on the VAPT, application security and other security testing\'s

INTERACTIONS

Internal Relations:

IT, Legal & Compliance, PARM, Business Teams, Internal Auditors

External Relations:

Information Security Service Providers / Vendors

IT / Business Team Vendors

Auditors

REQUIRED QUALIFICATION AND SKILLS

Educational Qualifications:

B.E. / B. Tech

Work Experience:

4 to 8 Years of relevant experience in Information Security Activities

Certifications:

CCNA, MCSA, CEH, ISO27001, CISM, CISA, CISSP,etc(Good to have)

Other skill set:

\xc2\xb7 Should have good technical knowledge of various platforms / technologies and security controls

\xc2\xb7 Experience of successfully managing and delivering IT risk and controls assessments

\xc2\xb7 Should have technical, analytical and problem-solving skills in order to assess requirements, identify potential risks, mitigating security controls and documenting residual risk

\xc2\xb7 Should have good Governance Skills

\xc2\xb7 Should have good knowledge of ISO27001, IRDA, IT Act, Data Privacy Law & other regulatory requirements

\xc2\xb7 Experience on implementing regulatory / compliance / policy requirements and ensuring compliance

\xc2\xb7 Experience in conducting classroom user awareness sessions

\xc2\xb7 Managing the assigned resources with effective delegation

\xc2\xb7 Should have Team and Vendor Management Experience

\xc2\xb7 Should have good communication skills to clearly communicate requirements to technical and non-technical stakeholders from across the business and all levels of seniority

Kotak Mahindra Life Insurance