Profile : ISM / Information Security Manager

Location : Whitefield, Bangalore (5 Days WFO)

We are looking for a candidate who can manage Information Security operations in order to maintain and improve Information Security practices, governance and control desired from the Role.

Area Of Responsibilities :

▪ Provide support to GRC team with artefacts / evidence collection required by them during ISMS, Internal and External Audits

▪ Facilitate support and coordination required during any audit activities

▪ Track compliance & Reviews of periodic ISMS activities such as Disaster Recovery related drill, Backup & Restoration, Change Management, IP Whitelisting/ACL, Access and Roles Reviews, IS Signoff for new development and features etc

▪ Control adoption of ISMS / Information Security Policy across all department and function

▪ Track effectiveness of Information Security department specific KPIs

▪ To ensure current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement done on time

▪ Oversee technological upgrades, improvements and major changes to the information security environment

▪ Perform periodic review of Change Management, Rules and Configuration

▪ Review control compliance required before Information Security Sign-off

▪ Review of Information Security events monitoring and Incidents

▪ Periodic review of Information Security related supplier for its SLAs

▪ Review Information Security Effectiveness measurement metrics across department and function as per documented procedure and associated templates

▪ Manage Information security awareness related training to organization personnel

▪ Provide Information Security training for new onboarding

▪ Manage Information Security specific subscription / license and certification and periodically review Information Security related spending to align with the Budget cap.

▪ Manage and Control issuance of Digital Certificates and Encryption Keys

▪ Serve as a focal point of contact for the information security team and the Vendor/Partner or organization

▪ Communicate information security goals and new programs effectively with other department managers within the organization

▪ Evaluate and assess any platform or solution required within Information Security function and ensure effective deployments and its efficient use

▪ Periodically undertake the Incident Response simulation / table-top exercise and drill to test its effectiveness

▪ Create and publish reports, dashboards, metrics for Information Security operations and presentation to Department Head / Management.

▪ Providing Department Head / Management oversight with a realistic overview of risks and threats in the technology environment.

▪ Manage the process improvement within the Information Security function.

▪ Identify, assess, and resolve complex issues within own area of responsibility

Desired Skills :

▪ 4+ years of experience in Information Security relation operations

▪ At-least 2 Years of ISO 27001 certifications

▪ Completed CISSP training or certifications

▪ Proven track record in risk management, preferably in the audit or compliance activities, technology, or other pertinent control functions

▪ Proficient in architectural design principles, cyber threat assessments, and the software development life cycle

▪ Proficient with firewalls, endpoint security, mobility management, and vulnerability scanning

▪ Demonstrated expertise in the management of technology and application risks and controls

▪ Understanding of Information security standards, guidelines and controls such as CIS, OWASP, NIST, ISMS etc

▪ Demonstrated aptitude for analysis and problem-solving

▪ Strong organizational skills and the capacity to multitask successfully

▪ Familiar with security best practices in IaaS/PaaS services such as AWS, Azure and Google Cloud

▪ Familiar with MITRE ATT&CK framework

▪ Familiarity with Cloud environment such as AWS, GCP, Azure

▪ Deep understanding of Threat hunting, OSINT, DarkWeb analysis and compromise assessment.

▪ Good understanding of Client/Server Architecture, TCP/IP Model and Network Topology

▪ Familiar with OSI Model and associated layer / data units such as network layer and its data units involving Packet, Fragment, Frame, Datagram, and Segment

▪ Familiar with multiple Operating System platforms such as Windows, Linux and Unix.

▪ Familiar with popular commercials / open source tools and techniques used by hackers

▪ Familiar with Information Security tools and solutions, category such as SIEM, Vulnerability Scanner, Web Scanner, Mobile App Security Audit, Cloud Security Audit etc

▪ Familiar with different Technology stack such as ELK (Elasticsearch, Logstash, Kibana), Server Less, Lambda etc

▪ Knowledge of Security testing methodology, and other international industry recognised standards and guidelines including CIS controls in depth.

▪ Demonstrate strong understanding of Open Source technologies, framework, tools and trends

▪ Up-to-date on general cyber security risks and threat landscape

▪ Aware of general cyber security practices needed by computer and internet user

▪ Strong written and verbal communication skills expected - ability to communicate security and risk-related scenarios to both technical and non-technical stakeholders

▪ Strong knowledge of Word, Excel and PowerPoint for professional documentations.

Eligibility :

▪ BCA / BSC / B Tech (CS/IT) / BE (CS/IT) / Diploma holder (IT / Computer / Network)

▪ Work Experience: 6-10 Years of total work experience. Minimum 4+ Years experience in Information Security operation related roles.

▪ Preferred Certifications CISSP, CRISC, CISA, CISM, CCSP and ISO 27001