Division: ITIS
Department: ITSEC
Job Location: MSIL Gurgaon
Job Role: Information Security Program Manager
Level in the organization: DM/MGR
Educational Qualification
Graduation (With Specialization): B.Tech (Any specialization)
Post Graduation (With Specialization): Full time MBA Preferred (Any specialization)
Any Other (Certification / Diploma etc.): CISSP / CISA / CRISC / ISO 27001 LA/LI / CDPSE / CIPM
Work Experience (Years): 5 to 10 years
Job Responsibilities
- Devise the security strategy and roadmap plan based on the risks applicable to MSIL.
- Sustain the information security management system and transition it from ISO 27001:2013 to ISO 27001:2022.
- Ensure that IT and security compliance requirements (ISO 27001, ITGC, etc.) are adhered to in MSIL.
- Responsible for planning and ensuring audit observations are closed.
- Partner extensively with the IT Infrastructure and Application Development teams, business stakeholders and providers/vendors to maintain compliance and security, and to further improve the security controls applicable at various levels of the organization.
- Identify, communicate and manage current and emerging security threats with relevant stakeholders.
- Work with business, internal IT and 3rd party vendor teams to promote and adopt security best practices.
- Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
- Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals.
- The role requires a strong understanding of security governance and compliance, along with an understanding of technical controls.
Competencies / Skills
- Good business acumen and a keen learner
- Proactive and ownership-driven individual
- Should have experience in process improvements and driving new process improvements.
- IT skills and a general understanding of ISO 27001, ITIL, the NIST CSF framework, cyber security and information security technology, and ITGC
- Should have established ISMS or worked on entire ISMS lifecycle
- Experience in Security Audits (min 2 years)
- Should have a security certification such as CISA, CISSP, CRISC, ISO 27001 LA/LI
- Experience in the areas of GRC and Application Security
- Knowledge / exposure to GDPR/PDPB
- Excellent communication skills including presentation & business writing to communicate security risks at various levels.
- Good Change and Conflict management skills
- Networking and influencing skills
- Excellent personal and time management skills
- Team Player
- Strong project management and stakeholder management