Job Description

Position Title, Responsibility Level Manager Function Global Technology (Information Security) Reports to AVP - Information Security Permanent/ Temporary Permanent Span of Control 1-2 Location Noida Basic Function Information security risk management, or ISRM, is the process of managing risks associated with the use of information, information systems and information technology. It involves identifying, assessing, and treating risks to the confidentiality, integrity, and availability of an organization\'s assets. The end goal of this process is to treat risks in accordance with an organization\'s overall risk tolerance. Businesses shouldn\'t expect to eliminate all risks rather, they should seek to identify and achieve an acceptable risk level for their organization. Essential Functions Risk & Policy Responsible for designing and continually enhancing risk management framework and methodology for maintaining an effective risk management Conduct Risk Assessments for Client business environments considering the information work flow, technology threats landscape, access methodologies Conduct Risk Assessments for Enterprise environments considering the information work flow, technology threats landscape, access methodologies Conduct Risk Assessments for Information Technology environment and solutions Conduct Risk Assessments for the Suppliers and recommend the decision for onboarding Design Risk Management Metrics for driving continual improvement Design new security policies and review the existing security policies Drive information security awareness program for employees Primary Internal Interactions Organizational Senior Leadership Team - Steering committee, Board, Audit Committee Client Business Operations Team Suppliers Security Personnel Technology Team SOC / VAPT / DLP / Malware Analysis / APT Team Internal Audits Teams Primary External Interactions Client Counterparts Auditors (Big 4s) Organizational Relationships Reports To : Sr. Manager Supervises : Supplier Security Team Skills Technical Skills Security Risk Identification and Assessment Technical Security Risk Assessments Knowledge of Encryption, Cyber Threat Vectors, ITGC controls Process Specific Skills Security Governance, IT Governance, Risk Compliance, IT Security, Lead Audit, System Audit, SOX Audit, Lead System Auditor Soft skills (Desired) Good Oral and written communication skills Good Presentation & Public speaking skills Creativity and Problem Solving Skills. Self-motivated and Self-driven Soft Skills (Minimum) Same as above Education Requirements Graduation One or more of the following certifications is desirable: CISA / CISM / CISSP / ISO27001 / CRISC Work Experience Requirements Total Experience: 10 - 12 years Information Security experience with relevant experience of 8-10 years running the Risk Management program in a multinational company at the organizational level.

Monster