Objective of the Role:
The Manager - Information Security is primarily responsible for protecting IT infrastructure (including networks, hardware and software) from a range of global security threats, ensuring the organisation is compliant with the latest standards, and ensuring that our products are secure and data is safe. The focus areas will be ISO 27001, GDPR, SOC 2 and anything related to privacy and information security which can impact the organisation adversely.
Role & Responsibilities:
- Manage the information security management system (ISMS) effectively within the organisation through its policies and standards.
- Perform gap assessment on the organisation’s cyber security landscape, primarily to protect it from cyber security threats, and prepare its mitigation plan.
- Manage end to end information security, cyber security for the organisation.
- Develop business continuity plans and design workflows at individual and team levels as per ISO framework. Work with teams on developing and implementing policies and processes for security and compliance.
- Perform the risk assessment from Cyber Security, Business Continuity and Privacy perspective.
- Drive ISO 27001 implementation for the organisation as per defined timelines and work towards certification
- Work with various stakeholders such as Product, Engineering, Client Success and Operations to ensure that VMock achieves compliance with technical and compliance standards such as WCAG 2.0 AA, SOC 2, ISO 27001 and GDPR.
- Work on Data privacy including design/development and review of privacy framework aligned with GDPR requirements.
- Design/assess/review of information security and privacy framework aligned to IT Act requirements.
- Assist Sales Operations teams with any compliance and technical issues to onboard VMock as a vendor for clients.
- Develop presentations and documentation to share information with clients and other stakeholders.
- Educate internal teams including Sales and Client Success on internal compliance standards and processes.
- Review and research client requirements and industry standards across compliance and technical domains to recommend internal policies and processes.
- Review product changes including any downtime notifications and develop communication strategies for providing the same to clients and users.
- Troubleshoot, analyse and resolve issues by translating client requirements into tickets for internal development, client success and information security. Follow up with various teams to ensure completion of tasks while updating clients and any other internal and external stakeholders.
- Strengthen the organisation’s business continuity posture and research best practices and industry standards to create a set of action items for the Organisation.
- Perform independent third party assessments and provide recommendations to clients in order to minimise cyber security risks.
- Conduct training and awareness workshops on Data Privacy and Information Security for the organisation and across teams.
- Ensure all processes in VMock are inclusive of security controls and development activities are taking care of security standards.
Qualifications:
- BCA / B.E / B.Tech or M.E / M.Tech / MCA
- 4-10 years of experience in Information systems security and IT Risk Management.
- Must have experience designing, developing, implementing and maintaining an information security framework aligned to ISO 27001:2013.
- Experience in Data Privacy, including design/development and review of privacy framework aligned with GDPR requirements and GAPP framework.
- Good know-how of:
  - Risk advisory & GRC oversight
  - Senior management communications
  - Metrics (Governance Risk and Compliance Reporting)
  - Risk Management tools
  - Management of Information Security Policies, Procedures and Controls
- Understanding of technology, IT and governance aspects from a Cyber Security perspective.
- Understanding of performing gap assessment on the organisation’s cyber security landscape, primarily to protect it from cyber security threats.
- Security certifications like CISA, CISSP, CIPP, CIPM, CCSP, CRISC etc., or equivalent are an added advantage.
- Exposure to international security standards & frameworks including ISO 27001/2, GDPR, PCI DSS, etc. is preferred.
- Knowledge of cybersecurity concepts (threats, vulnerabilities, risk, confidentiality, integrity, availability, network/application security, web security, etc.).
- Experience developing and producing security metrics and reports that are meaningful and actionable across various audiences.
- Experience working with Internal and External Audit teams.
- Well versed in Risk Management principles.
- Exposure to development and documentation of information security / cyber security policies and procedures.
- Experience in design/assessment/review of information security and privacy framework aligned to IT Act requirements.
- Should have managed end to end information security, cyber security for organisations.
- Effective communication, negotiation and problem solving skills.
- Ability to network with stakeholders and other support functions across a global organisation.
- Ability to interact and work with client stakeholders to highlight and remediate risks/ share leading practices and protect organisational interests.
- Plan, organise, coordinate and work well under pressure.
- Eagerness to learn new things and discover emerging and new data trends.
- Ability to make an impact, influence and achieve results with effective negotiation, problem-solving and communication skills.
Must-have Qualifications:
- Certified ISO 27001 Lead Implementer
- Certified ISO 27001 Lead Auditor
- Certified Information Systems Auditor
- Certified Information Systems Security Professional
About the company:
VMock aims to empower students and professionals along the various phases of their career journey, leveraging the power of artificial intelligence. The VMock platform delivers personalized career guidance to job seekers across the world. Students and alumni of 200+ leading business schools and universities, and their career centers, use our products to accelerate their career goals.
Our team consists of some of the best engineers, data scientists, and product owners who not only have an exceptional background but also a shared passion for helping others in their careers. We pride ourselves in innovation and our team members have a die-hard passion for solving complex problems while maintaining a collaborative team environment that is focused on the growth of every team member. Our fast-paced culture is a great fit for anyone looking to make a mark through their work to create impact globally while working with high caliber team members.
VMock is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.
We have offices in Gurugram and Chicago.