Information Security Manager
Gurgaon, IN
5d ago

Information Security Manager-(2200010R)

CWT’s global information security organization is seeking to hire an Information Security Manager to join its Security Risk and Compliance team.

The role will provide support for information security governance, risk management, and audit and compliance activities across CWT.

What You Will Be Doing

  • Manage internal security assessments and security reviews; conduct security risk analysis of business processes and technology solutions to evaluate whether they comply with internal security policies and standards as well as regulatory / industry requirements and security best practices.
  • Support annual security compliance audits (e.g., PCI DSS, SOC 1 / SOC 2, ISO 27001:2013).
  • Manage the third-party / vendor security risk assessment process; monitor and report on progress of third-party / vendor security risk treatment activities by business owners.
  • Support the Sales process by participating in customer-initiated security due diligence and / or vendor qualification audits, reviewing security terms in customer contracts, and helping to respond to security questionnaires and documentation requests from customers.
  • Manage DLP remediation work in compliance with PCI DSS.
  • Assist with maintenance of information security program documentation consisting of information security policies, standards, and guidelines, and coordinating management ratification of policies and standards at regular intervals.
  • Participate in improving the overall Security culture across CWT; contribute to employee security awareness campaigns and educational activities to address areas of potential risk and / or gaps in compliance.
Qualifications

What You Need for this Position

  • 10+ years of demonstrable experience in security risk management, auditing and compliance, with a focus on supporting security risk assessments and security audit and compliance activities.
  • Good interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes.
  • Ability to learn quickly, with a willingness to take ownership of new projects and to learn new technologies and methodologies.
  • Good understanding of industry standards for compliance such as ISO 27001:2013, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards.
  • Basic understanding of risk assessment methodologies and best practices.
  • Ability and willingness to produce and maintain documentation and reports, specifically developing policies, standards, risk assessment reports, and other forms of Security Risk Management Program documentation.
  • Possess or be actively seeking information security or IT audit certifications, such as CISSP, CISA, CISM, CRISC, or their equivalent.