Information Security Officer (ISO) (Job Code : J42110)  

 Job Summary
 
Experience:
5.00 - 8.00  Years 
 
Location:
Mumbai
 
Designation:
Information Security Officer (ISO)
 
Degree:
BTech-Comp/IT, BTech-Other, MCA, MCM, ME-Comp/IT, ME-Other, MSc-Comp/IT, MS-Comp/IT, MSc-Other, MS-Other, MTech-Comp/IT, MTech-Other, BCA, BE-Comp/IT, BE-Other, BSc-Comp/IT, BSc-Other
 
Educational Level:
Graduate/Bachelors
 
Stream of Study:
 
Industrial Type:
IT-Software/Software Services
 
Functional Area:
IT Software - Network Administration / Security
 
Key Skills:
Information Security
 
Job Post Date:
2020-01-11 10:14:43  
 
 

 Company Description
 
Our Company is an innovative digital solutions and services company that has been trusted by the world's Most Innovative Startups, leading Fortune 500 companies, Sports & Events companies and Governments to provide a new generation of Real-Time, Engaging Experiences and Network DevOps for more than 11 years.
 

 Job Description
 
Professional certification: CISSP, GIAC, CISA, etc. is preferred.

Responsibilities:
Defining the necessary level of knowledge on existing and emerging regulatory compliance requirements across the organization.
Develop / maintain a work plan that reflects internal and external compliance requirements for the company
Create culture of cyber security both with the IT organization and driving behavioral changes for the business
Guiding the security team in a productive, organized way to accomplish compliance and audit tasks
Direct risk assessment program for all new and existing systems and stay up to date on the company’s goals / business processes so effective controls can be put into place for areas presenting the greatest information security risk
Ensure vulnerabilities are managed by directing regular vulnerability scans on all systems connected to company’s network
Provide guidance, advice, training/educational programs to improve company's understanding of related laws and regulatory requirements
Provide strategic direction to the management team on compliance
Evaluate the efficiency of implemented controls and improve them continuously
Draft, modify and implement company policies
Develop information security awareness training and compliance program
Prevent potential disaster situations by ensuring that proper protections are in place, such as (but not limited to) intrusion detection and prevention systems, firewalls, end-point security, and physical security safeguards
Ensure the availability of all company assets and resources by ensuring a business continuity / disaster recovery plan is in place and tested regularly
Collaborate with HR department to monitor enforcement of standards and regulations and escalate security incidents to respective teams when sensitive information has been breached
Maintain and re-evaluate Incident Response procedures to meet industry best practices and new business requirements
Remain knowledgeable and current through self-directed professional reading, attending professional development courses / conferences as directed by manager, and obtaining certifications relevant to job duties
Prepare and present clear and concise compliance reports to executive leadership, board of directors, and information security manager
Coordinate internal compliance review and monitor activities, including periodic reviews of each department
Independently do spot checks on matters related to compliance and present discrepancies to the information security manager
Review incoming contracts and agreements for compliance related asks and include those asks in the corresponding work plan
Estimate effort and bandwidth required for continuous and ad-hoc compliance activities, work with the Information Security Manager to define hiring needs both in terms of internal headcount and external vendor support required
Interface with regulators/audit firms/client compliance teams and other external parties, and support them with internal coordination
Develop policies and programs that encourage managers and employees to report suspected improprieties, without any fear of retaliation and hold the corresponding part of the company accountable
Regularly review sub-service compliance reports / security questionnaires to ensure they are following industry best practices
Monitor employee activity for policy adherence

Skills
Understand hardware and software systems
Maintain confidentiality regarding information processed, stored, or accessed by systems
Manage multiple concurrent projects and train individuals with different levels of technical knowledge
Effective verbal and written communication skills
Develop knowledge of, respect for, and skills to engage with those of other cultures or background
Prior evidence of working with the following compliance standards / laws
o SOC2 Type 1 & Type 2 SSAE18 standards (Mandatory)
o ISO 27001 and ISO 27002
o GDPR
o CCPA
o FedRAMP
o Cyber Essentials Plus
Data Classification / Retention
Risk Management
Cyber Insurance
Awareness about the upcoming data protection standards / laws (i.e. Personal Data Protection Bill, 2019)