The Information Security & Assurance program encompasses a global team that is responsible for ensuring all security risks pertaining to business delivery and Client engagements are managed end to end. The team is a business facing team and engages on a frequent basis with business leaders to identify, analyze and mitigate security risks. The team is also the primary touch point between the Corporate Security Group and Business teams, while supporting the Business on Client security requirements and compliance.
We are seeking an Information Security & Assurance professional, to be part of Corporate Security Group, and play an integral leadership role in the overall development and management of security and risk for the Banking, Financial Services (BFSI) line of business (LoB).
Strong knowledge of privacy laws, standards, rules and regulations
Utilize best practice standards such as ISO 27001, SOX, NYDFS, NIST, PCI
Ensure process adheres to legal & regulatory requirements as applicable to the scope of work.
Ensure adherence to the Client Contractual Requirements of the Process/ Function.
Ensure implementation security architecture and strategies in line with the business risk and client expectation on the engagement
Facilitate regular security assessments to identify comprehensive risks, any non-compliance or contractual breaches and encourage continuous improvements.
Align and integrate the Information Security strategy for the engagement with the business goals
Monitor and evaluate security measures to protect against reasonably anticipated threats or hazards to the privacy, security or integrity of Client sensitive information for the LoB
Establish, communicate, and maintain a charter for the security management function for the engagement and BFSI LoB
Provide consolidated security risk dashboard to the management and the business unit leaders
Lead and collaborate directly with the Client's senior management; delivery, practice development and thought leadership related to Information Security solution development, assessment and implementation
Demonstrates proven knowledge of system security, controls or information security management environment based on the risks, specifically on the following information security domains:
o Security Architecture and Strategy (Integrated Risk Management)
o Data Leakage Prevention; Focus on Data Flow, Encryption
o Large Complex Program Execution/Implementation
o Security Function Design and Governance
o Incident Management
o Security Infrastructure
Prepare and implement effective security and compliance training to employees to ensure that any changes in regulations are communicated in a timely manner
Develop, maintain security management plan for the engagement and provide periodic updates to the management and business leaders on the compliance.
Develop and monitor security metrics for the engagement.
Review security exceptions for the engagement and identify risks
Monitor the security risk mitigation plans
- 10+ years of experience in information security, preferably in the BPS Services Sector and outsourcing industry
- Bachelors' degree in Computer Science or equivalent certification
- Security certifications desired such as CISA, CISSP, CISM, CRISC etc
- In-depth understanding of network and system security technology and practices across all major-computing areas.
- Proficient in providing security advisories, solutions or mitigation approach on the inherent risks
- Experience in understanding and deploying risk management frameworks
- Focused personality, with a demonstrated ability to take initiative, successfully handle and prioritize multiple competing assignments and effectively manage deadlines
- Ability to think strategically; work with a sense of urgency and pay attention to detail.
- Ability to present complex solutions and methods to a general community.
- Ability to interact with all levels of management and high-profile individuals
- Independent thinking, willingness to 'step outside the box' and take reasonable, calculated risks.
- Excellent written and verbal communication and organizational skills.
- Strong team player that collaborates well with others to solve problems and actively incorporate input from various sources.
- Experience with working on global teams across time zones, cultures and languages