Information Security Officer

Job Description

Job Description

Position Summary:

Build security architecture aligned with the business goal.

Key Responsibilities

Strategic Leadership:

• Develop and implement a strategic, long-term information security strategy and roadmap to ensure that information assets are adequately protected.
• Establish and maintain a framework to ensure that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.

• Identify, assess, and prioritize information security risks and implement mitigation strategies.
• Develop and maintain an information security risk management program that includes threat modelling, vulnerability assessments, and risk assessments.
• Monitor and report on risks and the effectiveness of risk management processes.
• Conduct Business Impact Analysis and build BCP and DR by aligning with each department.

• Establish, maintain, and enforce a group-wide information security management program to ensure that information assets are adequately protected.
• Develop, implement, and maintain policies and procedures that govern the security of data and information systems.

• Lead the response to security incidents, including the investigation of violations and the implementation of corrective actions.
• Develop and oversee incident response planning, as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches.

• Ensure compliance with relevant legal, regulatory, and contractual requirements.
• Oversee the development and implementation of security programs that address security objectives, including audit reviews, risk assessments, vulnerability assessments, and compliance assessments.

• Evaluate new security technologies and make recommendations for adoption. Oversee the selection, implementation, and operation of information security technologies.
• Direct and approve the design of security systems.

• Build, develop, and manage a high-performing information security team.
• Provide leadership and mentoring to the information security staff.
• Manage security budgets and monitor costs, ensuring they are within budgetary limits.

• Work closely with other executives to prioritize security initiatives and spending based on appropriate risk management.
• Collaborate with internal and external auditors to ensure compliance with policies and controls.

• Develop and implement a security awareness program to educate the organization on security best practices and policies.
• Conduct training sessions for employees on various aspects of information security.

• Strong ability to design and implement audit plans, ensuring thorough assessment of security controls.

Qualifications

Education:

• Bachelor's degree in information technology, Cybersecurity, Computer Science, or a related field.

• Minimum of 10 years of experience in information security and IT risk management, with at least 5 years in a Team Management / leadership role.
• Proven experience in developing and implementing information security strategies and programs.
• Experience in ISO 27001, SOC 2 Type I, and SOC 2 Type II audits.
• Proficient in control assessment, audit planning, and reporting.

Certifications

Certified Information Systems Security Professional (CISSP), Certified Information

Security Manager (CISM), CISA or similar certifications are highly desirable.

• Strong knowledge of information security management frameworks (e.g., ISO/IEC 27001, NIST).
• Knowledge on regulatory requirements in terms of infosec from Different Laws Like GDPR, DPDP, IT Act 2000, CICRA and different US data privacy laws will be preferred.
• Strong communication skills, with the ability to convey complex information security concepts to non-technical stakeholders.
• Extensive experience in security policy development, risk management, and incident response.
• Excellent leadership and management skills, with the ability to lead and motivate a team.
• In-depth understanding of the latest security principles, techniques, and protocols

Skills: leadership,incident response,security policy development,strong communication skills,gdpr,risk management,compliance,nist,it act 2000,leadership and management skills,audit reports,security,iso/iec 27001,cicra,information security management frameworks,us data privacy laws,dpdp,policies & procedures