Job Brief: Owning all ISMS and PIMS risk and compliance processes by liaising with various Support functions like Technology, HR, Finance, Legal, etc. as well as Business functions to ensure that the organization's processes, applications, and infrastructure in India comply with regulatory and industry security standards like ISO 27001:2013, BS 10012:2017 and GDPR, by supporting a risk-driven approach to make valuable recommendations on standardization of processes and controls, and to influence changes and decisions. The candidate will help achieve ISO 27001 and 27701 certification, drive continuous improvement of information security-related processes, and meet the organization's security requirements.
Responsibilities:
1. Contribute to a sustainable IT controls environment through involvement in key control activities.
2. Coordinate with stakeholders at various office locations across India to ensure compliance and facilitate internal and external audits related to the Information Security Management System (ISMS), Personal Information Management System (PIMS), and GDPR, e.g. ISO 27001:2013 audits.
3. Facilitate and liaise with various stakeholders to close all audit findings within the agreed timeframe.
4. Undertake periodic compliance reviews of InfoSec and Privacy controls for applications, network, and IT infrastructure of the organization, against defined policies.
5. Provide periodic status reports to the management on the compliance status of the firm.
6. Drive the remediation of IT control deficiencies.
7. Assist in designing and establishing new security frameworks for various operational processes.
8. Responsible for keeping the firm's ISMS and PIMS policy/procedure documents up to date after periodic review or any major changes in processes, and for maintaining an up-to-date repository of documents for the Information Security team.
9. Drive InfoSec & Privacy awareness across the firm through training, awareness mailers, etc.
10. Undertake Business Impact Assessment (BIA) exercises with various functions to identify critical applications and their RTO/RPO.
11. Identify gaps in infrastructure related to cybersecurity and identify tools to mitigate them.
12. Drive the deployment and management of security tools like email security, Endpoint DLP, VAPT, etc.
13. Any other duties commensurate with the role.
14. Should be a self-starter.