Senior Manager Information Security
Job Description
As a Senior Manager of Information Security, you will play a pivotal role in leading and managing a team of skilled information security professionals. This role demands a comprehensive understanding of IT Governance, cybersecurity strategies, risk management, audit methodology and the ability to provide expert guidance to clients. The person must have 3 years of hands-on experience in performing IT audits, SOC2, ISO 27001/BCP implementation, and risk assessment in the initial years of their career.
The person should be from a consulting background. You will be responsible for overseeing the delivery of high-quality information security consulting services, ensuring that client expectations are not only met but exceeded.
Responsibilities:
- Leadership and Team Management:
Lead and inspire a team of information security consultants, fostering a
collaborative and innovative work environment.
Provide mentorship, guidance, training for team members.
Update the team about evolving cybersecurity threats and technologies, new
audit methodology and tools.
- Client Engagement:
Work closely with clients to understand their business objectives and tailor
information security solutions to meet their specific needs.
Serve as a trusted advisor to clients, providing strategic insights on information
security best practices, risk management, and compliance.
Meet the clients at the time of kick-off and on periodic visits during the project
duration.
Update the clients about new threats impacting their environment and regulatory
guidelines.
- Project Management/Audit Planning:
Develop and execute IT/system audit plans/ project plan in alignment with
organizational objectives and regulatory requirements
Oversee the planning, execution, and delivery of information security consulting
projects within scope, budget, and timeline.
Guide or perform detailed examinations of IT systems, processes, and controls
In case of audit, maintain comprehensive and accurate audit documentation,
prepare clear and concise audit reports outlining findings, risks, and
recommended remediation actions, and communicate audit results to
management and relevant stakeholders.
Implement project tracking tools and submit the status report to senior
management on a regular basis.
- Technical Expertise:
Stay abreast of the latest trends, vulnerabilities, and technologies in the
information security landscape.
Stay updated on new regulatory/legal requirements.
Prepare expert notes on new changes for internal skill upgradation purposes.
Working knowledge of Global Standards (like ISO 27001, 27701, 31000, 22301), Frameworks (NIST etc.), Certifications.
- Risk Assessment and Mitigation:
Conduct risk assessments to identify potential vulnerabilities and recommend
appropriate mitigation strategies.
Collaborate with clients to develop and implement effective risk management
programs.
- Policy and Compliance:
procedures, and guidelines.
Ensure compliance with relevant industry regulations and standards.
- Communication and Reporting:
Communicate complex technical concepts to both technical and non-technical
stakeholders.
Prepare and present comprehensive reports to clients and senior management.
Desired Candidate Profile
Extensive experience (7-8 years) in information security consulting or a
similar role.
Professional certifications such as CISSP, DISA, CISM, or CISA are highly
desirable.
Strong leadership and interpersonal skills with a proven ability to manage
and motivate a diverse team.
Excellent communication and presentation skills.
In-depth knowledge of audit standards, cybersecurity frameworks, standards, and best practices.
Experience required: 7-8 years