We are seeking an Information Risk professional to be part of the Corporate Security Group and play an integral leadership role in the overall development and management of security and risk in a Client-specific engagement for the Business Process Services (BPS) line of business (LoB).
Key Responsibilities
• Strong knowledge of privacy laws, standards, rules and regulations
• Utilize best practice standards such as ISO 27001, SOC, NIST, PCI
• Ensure process adheres to legal & regulatory requirements as applicable to the scope of work.
• Ensure adherence to the Client Contractual Requirements of the Process/Function.
• Ensure implementation of security architecture and strategies in line with the business risk and client expectations on the engagement
• Facilitate regular assessments to identify comprehensive risks, any non-compliance or contractual breaches and encourage continuous improvements.
• Align and integrate the Information Security strategy for the engagement with the business goals
• Monitor and evaluate security measures to protect against reasonably anticipated threats or hazards to the privacy, security or integrity of Client sensitive information for the LoB
• Establish, communicate, and maintain a charter for the security management function for the engagement and BPS LoB
• Provide a consolidated risk dashboard to the management and the business unit leaders
• Lead and collaborate directly with the Client’s senior management; delivery, practice development and thought leadership related to Information Security solution development, assessment and implementation
• Demonstrates proven knowledge of system security, controls or information security management environment based on the risks, specifically on the following information security domains:
o Security Architecture and Strategy (Integrated Risk Management)
o Data Leakage Prevention; Focus on Data Flow, Encryption
o Large Complex Program Execution/Implementation
o Security Function Design and Governance
o Incident Management
o Security Infrastructure
• Prepare and implement effective security and compliance training for employees to ensure that any changes in regulations are communicated in a timely manner
• Develop and maintain a security management plan for the engagement and provide periodic updates to the management and business leaders on compliance.
• Develop and monitor security metrics for the engagement.
• Review security exceptions for the engagement and identify risks
• Monitor the risk mitigation plans
Basic Qualifications
• 10+ years of experience in information security, preferably in the BPS Services Sector and outsourcing industry
• Bachelor’s degree in Computer Science or equivalent certification
• Security certifications desired, such as CISA, CISSP, CISM, CRISC, etc.
• In-depth understanding of network and system security technology and practices across all major computing areas.
• Proficient in providing security advisories, solutions or mitigation approach on the inherent risks
• Experience in understanding and deploying risk management frameworks
Preferred Skills
• Focused personality, with a demonstrated ability to take initiative, successfully handle and prioritize multiple competing assignments and effectively manage deadlines
• Ability to think strategically; work with a sense of urgency and pay attention to detail.
• Ability to present complex solutions and methods to a general community.
• Ability to interact with all levels of management and high-profile individuals
• Independent thinking, willingness to "step outside the box" and take reasonable, calculated risks.
• Excellent written and verbal communication and organizational skills.
• Strong team player that collaborates well with others to solve problems and actively incorporate input from various sources.
• Experience with working on global teams across time zones, cultures and languages