Manager - Information Security & Data Protection

First source
1 Openings • Deadline 02 Jan 2022
About the job


General Purpose: To take the lead in providing expert advice and the promotion of Information Security and data protection compliance and best practice in setting and maintaining standards and procedures across the organization.

On an ongoing basis the post-holder will be responsible for fielding all internal and external Data Protection and Information Security issues and queries, seeking legal advice where necessary, as well as maintaining a register of those queries.

Where appropriate, senior management must be kept aware of any issues and queries which present a reputational or material risk.

The post-holder will ensure that appropriate awareness training is conducted for all staff at a defined periodicity.

Position Responsibilities:

  • Creating, updating and disseminating data protection policies;
  • Resolving ad hoc queries and issues relating to data protection;
  • Identifying data protection and information security issues that need addressing;
  • Managing a data protection and information security training program;
  • Managing data protection subject access requests;
  • Implementing controls for adherence with data protection legislation and relevant codes of practice;
  • Ensuring the company follows all codes of practice in the relevant sector;
  • Developing audit standards for personal data handling and information security activity to ensure adherence to internal and external policies;
  • Liaising with relevant teams to test the company’s capability to respond to a breakdown or other serious contingencies in its operations that affects information security, personal data handling and data protection (both for automated and manual information);
  • Maintaining an information asset register;
  • Establishing and monitoring information exchange agreements;
  • Regularly reviewing the risk with service owners and data owners;
  • Maintain and execute the incident response procedure ensuring prompt redress of information security incidents;
  • Ensure that the Data Protection aspects are properly covered in the governance documents of all systems processing personal data.
  • Working with business and support units within the organization to implement the IRM (information risk management) and business continuity strategies and frameworks set by the organization / Management Information Security Forum (MISF) for Firstsource;
  • Interface with potential and existing customers as a senior management information security and business continuity representative, providing assurance and information as required by the business, marketing or other teams;
  • Any other duties as are within the scope, spirit and purpose of the job, the title of the post and its grading as requested by the line manager or Head of Department/Division.
  • Serves as an internal information security consultant to the organization. Advises the organization with current information about information security technologies and related regulatory issues
  • Documents security policies and procedures created by the Information Security Committee
  • Implements information security policies and procedures for the organization
  • Reviews all system-related security plans throughout the organization's network, acting as a liaison to Information Systems
  • Monitors compliance with information security policies and procedures, referring problems to the appropriate department manager
  • Coordinates the activities of the Information Security Committee
  • Monitors the internal control systems to ensure that appropriate access levels are maintained
  • Protects system by defining access privileges, control structures, and resources.
  • Recognizes problems by identifying abnormalities; reporting violations.
  • Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
  • Determines security violations and inefficiencies by conducting periodic audits.
  • Upgrades system by implementing and maintaining security controls.
  • Keeps users informed by preparing performance reports; communicating system status.

Note: This job description reflects the present requirements of the post. As duties and responsibilities change and develop the job description will be reviewed and be subject to amendment in consultation with the post-holder.


Knowledge and Skills

  • Excellent written and verbal communication and presentation skills
  • Strong analytical and evaluation ability, and problem solving skills
  • Strong interpersonal skills, able to establish credibility at all levels
  • Strong persuasion and influencing skills
  • Self-motivated team player able to work effectively with diverse client groups and also on own initiative
  • Strong planning and organizational skills;
  • Flexible and adaptable style;
  • Significant broad IT experience, at least some of which has been in a security role
  • A good working knowledge of Information Security and SOC1 & SOC2, ISO 27001, PCI DSS, HITRUST, MyCSF, GLBA, HIPAA principles and practices
  • Broad awareness of hardware/software security products

Qualifications - External

Any degree or diploma with relevant experience


Minimum Experience

10 to 12 years of experience in Managing Information Risk Management, Data Privacy, Security Certifications

Preferred Field-of-Expertise

ISO 27001, PCI DSS, HITRUST, SOC 2 / SOC 3.




  • Btech/BE
  • (Equivalent profile accepted)
Skills Required

Information security

Work Experience

8-12 years


Rs. 12-15 Lacs

Functional Area

IT Software - DBA/ Datawarehousing

Published On

02 Dec 2021
