Senior Manager - Information Security & Third-Party Risk Management

Job Title : Senior Manager - Information Security & Third-Party Risk Management

Location : Gurgaon

Experience : Minimum of 7-9 years

Skills :

High on Integrity, courage, professionalism.

Strong writing and verbal communication skills.

Excellent commercial understanding and negotiation skills.

Strong relationship management skills with key business clients and partners.

Ability to control and ensure delivery.

Competencies: Analytical thinking, problem solving, makes sound business judgment, communicates effectively, and builds relationships.

Job Description :

Develops, operates and manages comprehensive Information Security strategies, standards, policies and programs to assess, prioritize and mitigate business risk

Leads the review and formal approval process for Policy updates. Ensures Information Security Policy and Standard documents meet or exceed industry standards and compliance.

Assesses and manages the adequacy of the mitigation and remediation plans of known cyber security vulnerabilities and threats, aligning with the Information Security Governance & Risk Management (ISGRM) risk framework and processes.

Ensures any risk is identified, articulated and escalated through standard governance, mitigated and communicated to all stakeholders.

Owns, defines, leads and delivers information security governance across technologies, departments and data assets.

Ensures any risk is identified, articulated and escalated through standard governance, mitigated and communicated to all stakeholders.

Engages in preparation of and participates in external and internal compliance audits (PCI DSS, NIST, ISO 27001:2013, etc.).

Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations.

Interface with CERT-In for vulnerabilities and advisories and communicate the same with internal stakeholders.

Manage the Information Security Awareness Program and conduct phishing simulation and tabletop exercise in the organization.

Assist in the preparation of deliverable for InfoSec Committee Meetings held quarterly.

Lead third party risk management program for external vendors on the end to end basis the annual calendar, review the evidence and workpapers and lead the discussion of observations with relevant stakeholders.

Manage outsourced vendors that provide information security functions for compliance with contracted service level agreements.

Manage security projects and provide expert guidance on security matters for all important initiatives.

Shall be responsible for and empowered to conduct IS reviews by defining the frequency and sample size for a detailed log review of various security solutions managed by IS Operations team.

Engaging with internal audit team to conduct periodic reviews based on a scope defined by the internal audit team

Conducting risk assessment of security solutions (including perimeter devices) at any point in time managed by the IS Operations team at their discretion

Results of reviews conducted by or through the IS team would be tabled at the ISRMC, as applicable based on the scope of the review.

In addition to setting standards and carrying out IS reviews, the IS Team shall be directly involved in the incident management processes of the organization