Job Description

Title: Manager - Information Security Compliance
Location: Ahmedabad
Exp: 5-7 Years

Educational Qualification:

Graduate/ postgraduate in Information security/ cyber security/ information technology/ computer science/ computer application

Professional Qualification:

Certified Information Security Manager (CISM) and ISO/ IEC 27001 Lead Implementer/ Auditor Certification specific to data privacy will be an added advantage.

:

Lead and drive Information security/ cyber security and data privacy implementation projects/ assignments for clients. Conduct cyber security maturity assessment with technical evaluation in a highly technical environment. Perform risk assessment, business impact analysis (BIA), Privacy Impact Assessment (PIA) and data protection impact assessment (DPIA) as per client's organization context. Drive and enhance third party risk management program. Lead and drive ISO/ IEC 27001 audit, SOC 2 Type 2 and other GRC framework/ standard/ regulation implementation/ assessment. Manage client communication, including documentation of requirement gathering, scoping, and deliverables. Lead, guide and mentor the team of GRC professionals. Track project deliverables and provide status updates to the management on a periodic basis.

Experience:

Five to seven years of dedicated experience in Governance, Risk and Compliance (GRC) domain with hands-on experience on implementation, technical assessment of requirements of standards/ frameworks/ regulations such as ISO/ IEC 27001, NIST, SOC2, CERT-IN, RBI, SEBI, IRDAI in highly technical environment. Prior experience in a consulting firm as a client-facing role. Proven experience in end-to-end implementation of GRC frameworks, development, and enforcement of policy/ strategy tailored to client needs. Exposure in DPDPA, PDPL, GDPR, NCA-ECC (Essential Cybersecurity Controls) and NCA-CCC (Cloud Cybersecurity Controls) will be an added advantage. Deep working knowledge of security solutions, technology platforms and controls such as identity and access management including privilege identity/ access management, active directory services, SIEM-SOAR, EDR/ XDR, cloud security, firewalls, IPS/ IDS, WAF, DDOS, Data leakage prevention, Mobile device management (MDM), virtualization. Deep working knowledge of Incident Management, Patch Management, VA/ PT, Change Management, Configuration Management Ability to validate effectiveness of implemented controls. Candidates with IT security background with above mentioned experience and exposure to manage and monitor compliance dashboard & posture through GRC tools will be preferred.

Desired attributes

Proven stakeholder management skills. * Excellent communication and presentation skills with the ability to articulate technical matters effectively to audiences in technical, non-technical and leadership capability.