Job Description

:

Manager \xe2\x80\x93 Corporate IT (Information Security Compliance & Governance), Godrej Industries Ltd & Associate Companies

ABOUT GILAC

We, as part of the Godrej Group, are a group of 5 companies touching the lives of 500 million Indians every day. Godrej Industries Ltd is a holding company for the associated companies. Established in 1897, we are proud of our journey through these 125 years. Our growth has crossed Indian boundaries, with operations in Asia, Africa and Latin America, which are the key focus international markets outside India. Today, we enjoy the patronage of 1.1 billion consumers globally across consumer goods, real estate, appliances, agriculture, and many other businesses. With a revenue of over USD 4.1 billion we are growing fast, and have exciting, ambitious aspirations. Our Vision for 2020 is to be 10 times the size we were in 2010. To find out more, explore www.godrej.com

CORPORATE IT

The Corporate IT Cell is a shared service that provides technology & information security support to the group companies. The cell works as a business partner for our businesses and functions to provide proactive technology solutions and support in meeting the business strategy. The team has an impressive track record of Managing Global Infrastructure and Information Security /Cybersecurity across all Bus encompassing management of enterprise datacenter and DR, Cloud migration & support, Global Network Infrastructure, Security Operations, End User Support, and IT Service Operations. Corporate IT Team is responsible for formulating and implementing Group policies / guidelines on Cyber Security, Network, Cloud Infrastructure etc.

YOUR ROLE SUMMARY

In this role, you will be part of the Information Security Team responsible for managing key aspects of Information Security process governance & adherence across GILAC. This encompasses defining and embedding best practice information security policies, standards and processes based on ISO 27001, NIST Cyber Security Framework, IT Act 2000, Digital Personal Data Protection Laws etc. Reporting to the Head of Corporate IT, this role will principally advise and enable business and technical teams to make security decisions and ensure effective adherence of defined policies, processes, and tools. You will have a proactive responsibility to assist in the delivery of secure systems and implement proportionate controls by working with various teams and 3rd party vendors. This role also requires informing users about security measures, explain potential threats, implement information security related processes, solutions & control and monitor effectiveness of these controls.

You will partner with BU teams to execute projects and provide support in aid of implementing business specific security solution. The Manager-Corporate IT is responsible for ensuring ISO 27001 certifications across all GILAC business units which includes comprehensive documentations for RA/RT, Risk Register, SOA, Preventive & Corrective actions etc. The role is broadly split between providing day to day operational support and project-based work leading to the development and deployment of new information/cyber security services. This position requires good information and cybersecurity skillsets with a strong track record of success in executing projects within timelines and budgets

YOUR ROLE SPECIFICATIONS

• Implement ISO 27001 & NIST framework and Information Security Management System (ISMS)
• Develop and manage complete set of corporate Information Security policies and standards and continually monitoring the information security controls, KRIs/KPIs
• Lead on compliance reviews, certifications and accreditations (e.g. ISO27001, NIST Maturity Assessments)
• Develop, manage & own the Information security compliance frameworks, documentation of security policies and procedures, where necessary
• Identify, communicate, and manage current and emerging security threats with relevant stakeholders.
• Work with business, internal IT and 3rd party vendor teams to promote and adopt security best practices
• Work with Security partners, to conduct and review regular security assessments (VA/PT) and ensure closure of findings in time along with BU IT teams
• Periodic audit and review of process adherence vis a vis organization\xe2\x80\x99s Info security policies across functions and locations
• Help to develop communications and actively promote related campaigns and training for Information Security awareness

TEAM STRUCTURE

The position reports to Head Corporate IT and will be supported by outsourced team

WE SEE YOUR CAREER PATH AS\xe2\x80\xa6

As a Corporate IT team member, you will get exposure to work in different IT sub functions based on your interest and performance seen by the management

QUALIFICATION

• Educational Qualification: Graduate
• Professional Certification: CISSP, CISM, CISA, NIST, CEH, ISO 27001 Lead Auditor
• 8 \xe2\x80\x9310 years of Information Security experience in large enterprise or consulting organizations
• Applicants with hands on experience in implementing and Managing ISMS for a large manufacturing/ FMCG/retail sector would be ideal

SKILLS REQUIRED

• Comprehensive understanding of Information Security Frameworks (e.g. ISO 27001, NIST CSF, Data Privacy, IT Act etc
• Monitoring and reporting on compliance with security and data protection policies, as well as the enforcement of policies
• Comprehensive documentation and process mapping for ISO 27001 Certification
• Knowledge in Security Domains: (Network Security, Endpoint Security, EDR, Data Security, SIEM, DLP, SOAR, Deception, Threat Hunting, Cloud Security, IAM)
• Ability to drive Information Security initiatives and manage vendors & outsourced teams
• Self-driven and proactive
• Ability to articulate problem statements and provide alternative solutions
• Prepare periodic security operations reports with KPIs/KRIs and metrices

Godrej & Boyce