Job Description

:

: Information Security Senior Manager, based at Bangalore

Responsibilities:

\xef\x82\xb7 Manage the enterprise Information Security Risk management program

\xef\x82\xb7 Perform Information security risk management/Audit activities in line with ISO 27001

\xef\x82\xb7 Develop and maintain information security policies, standards, and guidelines.

\xef\x82\xb7 Facilitate the information security risk assessment process, including the governance and reporting of risk mitigation efforts

\xef\x82\xb7 Perform risk assessment of technical solution / configuration / design architecture from security and data protection perspectives.

\xef\x82\xb7 Provide support for client security risk management processes and activities

\xef\x82\xb7 Interface with client\'s security and risk teams on assessments and reviews and manage Client/External security audits

\xef\x82\xb7 Manage security compliance initiatives and certification programs on ISO 27001, SOC 2, PCI DSS, HITRUST, etc.

\xef\x82\xb7 Carry out third party security management activities as needed

\xef\x82\xb7 Collaborate with business units and other support units

\xef\x82\xb7 Provide reporting on the information security program to relevant stakeholders

\xef\x82\xb7 Review RFP / RFI / MSA from information security and compliance requirements

Skills Required:

\xef\x82\xb7 Knowledge and practical application experience of information security \'best practices,\' such as ISO 27001/27002, PCI DSS, SOC, NIST standards, etc.

\xef\x82\xb7 Knowledge of various control and security risk management concepts and methodologies

\xef\x82\xb7 Understanding and experience of implementing and managing security compliance programs (Ex: SOC2, HITRUST, PCI -DSS, etc.)

\xef\x82\xb7 Working knowledge of security systems and applications and a strong foundation in various domains of information security

\xef\x82\xb7 Knowledge and experience in assessing cloud security infrastructure

\xef\x82\xb7 Ability to Communicate Security, risk, and control related concepts to a broad range of technical and non-technical staff both internal and external clients

\xef\x82\xb7 Understanding of organization structure, and ability to work effectively with internal support functions and operational areas

\xef\x82\xb7 Strong people management skills

\xef\x82\xb7 Good written, communication and presentation skills

Experience required:

Overall IT experience 10+ years with at least 8 years in Security Risk management and/or Audit management is recommended.

Qualification:

\xef\x82\xb7 Graduate / Post-Graduate / Diploma holder (Full time)/Engineer

Key pre-requisites:

\xef\x82\xb7 At least one major security certification (Ex: CISA, CISSP, CISM, CRISC,)

\xef\x82\xb7 ISO27001 LA and technical certifications are a plus.

Skills:

PRIMARY COMPETENCY : CRO PRIMARY SKILL : Security PRIMARY SKILL PERCENTAGE : 70 SECONDARY COMPETENCY : CRO SECONDARY SKILL : Audits SECONDARY SKILL PERCENTAGE : 20 TERTIARY COMPETENCY : CRO TERTIARY SKILL : BCP TERTIARY SKILL PERCENTAGE : 10

About Company:

Mphasis is a leading IT solutions provider, offering Applications, Business Process Outsourcing (BPO) and Infrastructure services globally through a combination of technology knowhow, domain and process expertise. The accolades we have been garnering can be attributed to our undeterred focus in delivering quality solutions across verticals that meet the challenging requirements of our esteemed customers. We have been recently felicitated by the economic times as the most distinguished digital company 2015. We have also been ranked 29 of 100 largest financial technology vendors by American Banker and BAI in the FinTech Forward Top 100 rankings.

Mphasis