Group Manager - Information Security

Key Responsibilities:

• Possess cross domain knowledge in various areas of Cyber Security such as but not limited to
• 1 Information Security Forum ISF Standards of Good Practice SoGP
• 2 Information Security Management System ISMS based on ISO 27001 and ISO 27002 standards and very strong skills in writing and disbursing of Cyber Security Policies Processes Procedures Standards and Guidelines
• 3 Information Security measurement and monitoring based on ISO 27004 wherein strong skills in Microsoft Office suit products are heavily utilized
• 4 Information Security Audits
• 5 NIST Cyber Security Framework CSF
• 6 Cyber Security Strategy
• 7 Cyber Security Maturity Models

Technical Requirements:

• A good understanding or working knowledge of
• 1 Vulnerability assessments and penetration testing
• 2 Application security source code reviews
• 3 Incident management and investigations life cycle
• 4 Security Architecture design principles and its applications in real world scenarios
• 5 Working knowledge of various other Best Practices Standards Regulatory and Statutory frameworks such as but not limited to SSAE 16 18 PCI DSS HIPAA GLBA SoX SANS Critical Security Controls CSC Privacy in general but General Data Protection Regulation GDPR in particular
• 11 Stay abreast with the fast changing world of Information Technology and Cyber Security and liaison with leading Industry bodies forums and CxO community to share and learn ideas and adopt best practices where possible
• ISO 27001 Lead Auditor LA or Lead Implementer LI Certification Mandatory
• CISSP certification Mandatory

Additional Responsibilities:

• 1 The Head of Cyber Security Governance reports to the CISO
• 2 Travel across different Infosys locations
• 3 As and when opportunities arise travel to attend conferences and industry body work groups

Preferred Skills: