Information Security Officer - India

Job Description:

The purpose of this role is to manage information security for India.

This role will be responsible for delivering information security initiatives across India, ensuring controls and culture are maintained and for supporting business security requirements, leveraging global and regional capabilities.

You will be responsible for building positive stakeholder relationships in the across India, including partnering with tech, business and global functions teams to deliver security initiatives. 

You will communicate and support adherence of the Information Security policy and standards framework. You will work with global centre of excellence teams to ensure policy, standards and projects have local context 

This role will manage information security projects and coordinate resources with regional Technology and business stakeholder staff and external groups. Performs periodic security risk assessments of region markets and brands. 

Successfully utilises support processes and structures sufficient to ensure the business’ information security risk profile meets corporate goals and is maintained/improved over time 

Ensures teams are successfully assessing the scope and impact of incidents and responding with a sense of urgency that matches the incident, following appropriate policies and procedures. Perform "root cause” analysis for major incidents to identify and remediate information security issues.

Manages and supports requests relating to client security, e.g. RFPs, client audits etc 

Assists stakeholders with BCP/DR test planning, execution, training and maintenance projects 

Supports Internal Audit to manage regional audits to include remediation of findings.

Supports supplier security processes where onsite supplier reviews are needed

Professional Skills & Key Experiences 

•    Experience of security compliance initiatives within an enterprise technology environment such as ISO 27001, NIST CSF, CSA, PCI DSS, Cyber Essentials
•    Experience operating in a matrixed organisation to meet requirements of diverse stakeholders.
•    Experience of acting as internal security consultant for project teams and business partners.
•    Track record of supporting information security in a diverse, fast-paced enterprise environment.
•    Knowledge of all domains within security covering people, process and technology
•    Understanding of security risk analysis techniques
•    Understanding of network architecture, protocols and principles (desirable)
•    Ability to explain technical complex concepts to non-technical audiences combined with excellent communication and organisational skills
•    Excellent written and verbal communication skills and able to be understood by both technical and non-technical personnel
•    Stakeholder management and interpersonal skills at both a technical and non-technical level
•    Diligent and thorough approach to problem solving
•    Comfortable with managing uncertainty, ambiguity, and change in order to make decisions and recommendations     

Location:

Brand:

Time Type:

Contract Type: