Avestacs Looking for INDIA – Information Security at Mumbai Full Time

Job Title: Information Security

Location: Mumbai, India

Experience: 7 – 12 years

Notice Period: Immediate to 30 days (IF SERVING)

Our customer is leading financial/investment institutions, commercial banks.

Overview:

As integral part of core IT team, responsible for: Information security management; Operational risk management; Information Security Governance; IT Vendor Risk management; IT Risk, audits & quality assurance; ISO 27001 and manage Information Security Technology solutions and contribute to enhance the security posture of the company.

Experience & Qualifications:

– 8 to 12 years in Information Security/ Cyber Security role.

– BE/BTech/MCA/Post-Graduate, Certification – ISO 27001 LA, Good to have:

– CISA/CISSP/CISM

Managerial Responsibilities:

– Interact regularly with internal and external stake holders; drive and oversee development and implementation of risk assessment framework & InfoSec maturity enhancement across organization

– Knowledge of emerging Information Security and Cyber risks; controls and risk mitigation; conducting information security awareness program

– Drive and own Information Security Governance, Risk and Compliance initiatives. Implement and manage Information Security technology solutions.

– Developing a Security-First approach for the Application development team and drive the InfoSec framework within the application development framework.

– Conducting vendor risk audit, Information Security assessment and being part of various audits conducted by clients, regulators etc.

– Managing Information Security Projects: requirement gathering, coordination, Creation and maintenance of Project Plan, Project documentation, Implementation effective knowledge transfer.

– Having good communication and presentation skills.

– Ability to multitask and work well under pressure

Functional Responsibilities:

– Develop and own information security framework, policies, procedure and SOPs

– Ensure information security compliance across the organization; conduct third-party vendor audit, InfoSec assessment, work as an auditee for clients and audits by regulators

– Incident identification, response and remediation; to work with managed SOC vendor.

– Ensure information security awareness across the organization; enhance overall security posture for organization; conduct mock drills etc.

– Experience/Knowledge in Infrastructure, network security, application & mobile security, malware analysis.

– Manage and maintain information security technology controls e.g- End-point security, EDR/XDR, ZTNA, WAF, WaaS, Firewall & IPS,

– Experience in threat management, vulnerability Assessment /Penetration testing Tools

– Ensure information security Risk assessment and risk mitigation

– Developing & execute cyber strategy roadmap, Be the Analyst-in-Chief for assessing any information security situation.

Technical & Functional Competencies:

– VA/PT, Endpoint Security, Network Security, WAF, SOC, SIEM, ZTNA, SOAR ISMS, ITGC, Risk Management.

– Incident detection, response and remediation

– Information security Governance, Risk and Compliance; Document (Policy, Procedure, SOP) writing skills

– Skills on providing Information Security training

– Conducting InfoSec assessment, vendor risk audit and attending audits

– Experience on various IT service management standards such as ITIL and IS management standards like NIST, ISO 27001, ISO31000 and ISO22301

Hiring Insights

Job activity

–