PROFILE: ISM / Information Security Manager

Location : Bangalore ( 5 Days Work from Office)

We are looking for a candidate who can manage Information Security operations in order to maintain and improve Information Security practices, governance and control desired from the Role.

AREA OF RESPONSIBILITIES:

• Provide support to GRC team with artefacts / evidence collection required by them during ISMS, Internal and External Audits
• Facilitate support and coordination required during any audit activities
• Track compliance & Reviews of periodic ISMS activities such as Disaster Recovery related drill, Backup & Restoration, Change Management, IP Whitelisting/ACL, Access and Roles Reviews, IS Signoff for new development and features etc
• Control adoption of ISMS / Information Security Policy across all department and function
• Track effectiveness of Information Security department specific KPIs
• To ensure current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement done on time
• Oversee technological upgrades, improvements and major changes to the information security environment
• Perform periodic review of Change Management, Rules and Configuration
• Review control compliance required before Information Security Sign-off
• Review of Information Security events monitoring and Incidents
• Periodic review of Information Security related supplier for its SLAs
• Review Information Security Effectiveness measurement metrics across department and function as per documented procedure and associated templates
• Manage Information security awareness related training to organization personnel
• Provide Information Security training for new onboarding
• Manage Information Security specific subscription / license and certification and periodically review Information Security related spending to align with the Budget cap.
• Manage and Control issuance of Digital Certificates and Encryption Keys
• Serve as a focal point of contact for the information security team and the Vendor/Partner or organization
• Communicate information security goals and new programs effectively with other department managers within the organization
• Evaluate and assess any platform or solution required within Information Security function and ensure effective deployments and its efficient use
• Periodically undertake the Incident Response simulation / table-top exercise and drill to test its effectiveness
• Create and publish reports, dashboards, metrics for Information Security operations and presentation to Department Head / Management.
• Providing Department Head / Management oversight with a realistic overview of risks and threats in the technology environment.
• Manage the process improvement within the Information Security function.
• Identify, assess, and resolve complex issues within own area of responsibility

DESIRED SKILLS:

• 4+ years of experience in Information Security relation operations
• At-least 2 Years of ISO 27001 certifications
• Completed CISSP training or certifications
• Proven track record in risk management, preferably in the audit or compliance activities, technology, or other pertinent control functions
• Proficient in architectural design principles, cyber threat assessments, and the software development life cycle
• Proficient with firewalls, endpoint security, mobility management, and vulnerability scanning
• Demonstrated expertise in the management of technology and application risks and controls
• Understanding of Information security standards, guidelines and controls such as CIS, OWASP, NIST, ISMS etc
• Demonstrated aptitude for analysis and problem-solving
• Strong organizational skills and the capacity to multitask successfully
• Familiar with security best practices in IaaS/PaaS services such as AWS, Azure and Google Cloud
• Familiar with MITRE ATT&CK framework
• Familiarity with Cloud environment such as AWS, GCP, Azure
• Deep understanding of Threat hunting, OSINT, DarkWeb analysis and compromise assessment.
• Good understanding of Client/Server Architecture, TCP/IP Model and Network Topology
• Familiar with OSI Model and associated layer / data units such as network layer and its data units involving Packet, Fragment, Frame, Datagram, and Segment
• Familiar with multiple Operating System platforms such as Windows, Linux and Unix.
• Familiar with popular commercials / open source tools and techniques used by hackers
• Familiar with Information Security tools and solutions, category such as SIEM, Vulnerability Scanner, Web Scanner, Mobile App Security Audit, Cloud Security Audit etc
• Familiar with different Technology stack such as ELK (Elasticsearch, Logstash, Kibana), Server Less, Lambda etc
• Knowledge of Security testing methodology, and other international industry recognised standards and guidelines including CIS controls in depth.
• Demonstrate strong understanding of Open Source technologies, framework, tools and trends
• Up-to-date on general cyber security risks and threat landscape
• Aware of general cyber security practices needed by computer and internet user
• Strong written and verbal communication skills expected - ability to communicate security and risk-related scenarios to both technical and non-technical stakeholders
• Strong knowledge of Word, Excel and PowerPoint for professional documentations.

ELIGIBILITY:

• BCA / BSC / B Tech (CS/IT) / BE (CS/IT) / Diploma holder (IT / Computer / Network)
• Work Experience: 6-10 Years of total work experience.
• Minimum 4+ Years experience in Information Security operation related roles.
• Preferred Certifications CISSP, CRISC, CISA, CISM, CCSP and ISO 27001