Information Security Lead

Dear Candidate

Excellent opening

Role: Information Security

Job location: Mumbai, Thane

Experience: 10+ years

Job Purpose:

To handle technical information security aspects of the company including handling information security tools, application security testing, infrastructure security testing, technical security compliance and cloud security controls. The role defines, implements and monitor security controls for IT assets of the organization

• Third-party Risk Management:

  Review the risk assessments of third-party vendors, ensuring compliance with security standards and mitigating potential threats. 

• Application Security testing:

  It includes the review of technical assessment (code review, application security & vulnerability assessment) of partner & internal infrastructure. 

• Data Security:

  Review of the Access controls, Encryption, and Data Loss Prevention (DLP) controls to safeguard confidential data. Review of the security controls implemented for cloud environments and services.

• Internal & External Regulatory Audits & Compliance

  : Lead internal and external regulatory audits to assess the effectiveness of security controls, vulnerability assessments, ensuring compliance with relevant standards and regulations. Organize Information Security Committee (ISC) meetings with Senior Management.

• Information Security Awareness & Emergency Response:

  Ensure Information Security awareness for all employees and vendor staff. Conduct tabletop exercises to discuss various business disruption scenarios for Senior Management.

• Security Operations Centre (SOC) monitoring:

  Monitoring & closure of the security alerts observed by the centralized SOC & vulnerabilities observed in the infrastructure & networks. Brand protection & Dark web alerts monitoring & closure.

• Security tools implementation & monitoring:

  Security Architecture review, Network review, Implementation, monitoring & support of various security tools (PAM, Guardicore, DAM, DLP, EDR, VAPT etc.) as per the organizational requirements.

2) Job Context & Major Challenges:

Job Context - 

Information & Cyber Risk (Information & Cyber Risk) is one of the major risks faced by organizations globally. With the increase in rapid technological changes, digital connectivity, product complexity, & automated transaction processing in the financial services industry, the importance of Information & Cyber Risk has only increased over time. Information Security team function encompasses a wide range of activities to protect sensitive data from unauthorized access, disclosure, disruption, modification or destruction. As Information Security is integral to financial services activities and is all pervasive in nature, the team supports all businesses and support functions, products, systems, management levels and geographies. 

Major challenges

• Sophisticated cyber-attacks are ever increasing. Highly targeted attacks like Advanced Persistent Threats (APT) often involving nation state actors and malicious groups can remain undetected for long periods. 
• Ransomware and supply chain attacks are also on the rise.
• Accidental exposure of data by employees, such as sending out confidential data and malicious actions by disgruntled employees. 
• Complex and evolving technology environments (network, cloud, database, OS etc.) 
• Multiple skillsets are needed to understand complex technologies and environments.
• Identification and classification of the data is needed to set the right security controls for protection.

Job Context & Challenges -

• Reliance on third party vendors and partners can introduce Supply chain and Third-party risks in the systems due to various integrations with them.
• The speed of technological advancements and its adoption by entities leading to newer risk and controls issues.
• Ever changing regulatory landscape requires constant re-alignment of information security controls, processes and systems to ensure compliance with newer regulations.
• Time and effort are needed to build an Information security culture within Business and Support Functions to ensure timely reporting and escalation of known risks/ control gaps / issues.
• Integrated nature of risks whereby one/ multiple security risks may lead to other risk/(s) and vice versa and resultant cascading impact.
• Lack of coordinated effort by diverse stakeholders sometimes leads to delays in remediating issues.
• Involvement of multiple diverse sets of stakeholders sometimes with conflicting interests requires strong negotiation skills to arrive at a consensus which is mutually acceptable to all.
• Rigorous follow-ups with stakeholders and escalations are needed to ensure the Information security posture for the organization.
  

4) Key Result Areas:

Key Result Areas

Supporting Actions

• Vendor Risk Assessment
• Creating Audit checklists, training & implementing tools to ensure the third-party assessments are done
• Data & Cloud Security
• Implementing Security solutions for the monitoring of the networks.
• ISMS & BCMS
• Creating & implementation of Information security policies and process documents as required.
• Regulatory Audits & Compliance
• Ensure Compliance checks for regulatory requirements are done.
• Information Security Awareness 
• Creating Training & awareness modules for all employees and vendor staff.
• SOC monitoring
• Provide training for monitoring various SOC alerts.
• Security tools implementation & monitoring
• Implementation of various security tools as per the organizational requirements.

Requirements:

• Master's or bachelor's degree in information technology / Information Security / Computer Science, or a related field.
• 10 years of proven experience in Information Security, specifically in vendor risk assessments, cloud security, compliance, and business continuity.
• Experience with security auditing, policy development, and emergency response protocols.
• Hands-on experience in cloud security management (e.g., AWS, Azure).
• Familiarity with Business Continuity and Disaster Recovery planning.
• Strong problem-solving skills and attention to detail.
• Excellent communication skills and the ability to collaborate with stakeholders at all levels.

Preferred Qualifications:

• Certifications such as CISSP, CISM, ISO 27001 LA, ISO 22301 LA.

• Technically hand-on person having worked on AWS, AZURE, or OCI cloud security.
• Experience in a fast-paced or enterprise-level organization.
• Proficiency in risk management frameworks.

Please share updated CV at my email ID: geetika.gupta@forward.net.in