Deputy Manager – Information Security

Roles and Responsibilities

Primary responsibilities

• To ensure compliance with the requirements of the ISO27001 standard for IS processes
• To perform risk-based assessment of effectiveness of technical controls for information processing systems on-premise, on cloud and for interfaces with third party systems
• To conduct periodic technical security assessments using security tools to proactively identify security vulnerabilities for Company's on-premise, Cloud IT platforms & applications and highlight the consequent risks to the management for its mitigation
• To evaluate new security technology solutions and recommend the same for its adoption
• To perform Information Security risk assessments for changes to Comapny's on-premise / cloud platforms based on business requirements
• To analyze security logs and identify early warnings of security weaknesses and highlight the associated risks to the management for its mitigation
• To provide support in conducting tests of IT continuity and redundancies for critical IT assets on-premise and on Cloud
• To provide support to both External and Internal Audit teams for conducting ISMS audits / security assessments Secondary responsibility
• To facilitate business functions and Company's (ALs Information Technology department) in the implementation of security processes, controls and technologies
• To support in the implementation of ISMS for Group Companies

Technical competencies

• The incumbent must possess
• Strong functional knowledge on Information Security
• In-depth understanding of ISO 27001 standard, Cyber Security framework (such as NIST) and
• Application security frameworks (such as OWASP)
• In-depth technical knowledge of Network security, Cloud Security and Mobile application
• security
• Good understanding of SIEM, Malware protection, IDS/IPS, Firewall and other security
• technologies
• Strong security analytical skills

Qualifications & Work experience

• Qualification: B.E / B Tech (IT) with additional certifications such as Certified Information
• Security Auditor (CISA), Certified Information Systems Security Professional (CISSP)
• Additional technical certification in systems & network security such as Certified Ethical
• Hacker (CEH)
• A minimum of 3 years of relevant experience in Information Security.
  

Desired Candidate Profile

Perks and Benefits