Senior Manager Information Security - Bengaluru, India - NetSysCon Consulting

    NetSysCon Consulting
    NetSysCon Consulting Bengaluru, India

    1 week ago

    Default job background
    Human Resources
    Description

    We are looking for a Director Information Security for our client which is a VC funded Fintech Platform

    Job Profile:

    Ensure effective functioning of the Information Security function – managing policies & procedures, hardening of infrastructure and SDLC processes

    Develop and maintain an information security strategy and roadmap aligned with organizational goals and industry best practices. Manage the Information Security Annual Operating Plan and budget and ensure adequate resources are allocated to support the function

    Drive external regulatory compliances and audits

    Drive adherence to Advisories, Circulars, Cert-In compliance and audits conducted by RBI.

    Develop and manage the security incident response plan and ensure it is regularly tested and updated

    Conduct regular risk assessments and vulnerability assessments to identify potential security risks, and develop and execute plans to mitigate these risks.

    Collaborate with other functional areas of the organization, including legal, engineering, IT and operations, to ensure that security requirements are integrated into business processes and systems

    Drive support for GTM teams in sales lifecycles and craft a narrative to convert opportunities into a win

    Build and own relationships with CISO teams with partner banks and NBFCs.

    Serve as a subject matter expert on information security matters and provide guidance and recommendations to senior management and other stakeholders

    Requirements:

    5 to 8 years of infosec experience

    Must have experience working in a fast-paced B2B startup environment with an engineering team that has seen scale e.g. 5x-10x growth

    Prior experience in running or managing a SOC

    Prior experience with global compliances across US, EU and UAE.

    Preferred Certifications: CISSP / CCSP / CISM

    A good working knowledge of Information Security including ISO 27001/PCI-DSS and related Information Security Management Experience / Certification in review/audit or implementation of security architectures.

    Knowledge of GDPR, DPDPA, their business implications and the merits of various technical approaches.

    Knowledge of Data Centre, cloud architecture (AWS preferred), endpoint management and security technologies (SIEM, DLP etc.).

    Exposure to Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Information security incident Response, and security compliance audits

    Strong understanding of Information Security including threats, attacks, and vulnerability management

    Understanding of Zero Trust concepts and architectures

    Understanding of privacy by design

    Deep expertise in Microservices, CI/CD builds, DevOps, Infrastructure-as-Code, Test-Driven Development (TDD), DevSecOps, and similar solutions & methodologies

    Ability to articulate complex technology & risk management concepts to senior executives clearly and accurately portraying real risks and threats to the organization

    Exposure to Platform Security, Data Security, Network Security, Cloud Security, Physical Security, Security Assessment Tools including SAST, DAST, and SCA, Security Monitoring Tools, and Managed Security Services

    Excellent verbal and written communication skills, including the ability to explain technical contractual aspects to associates both technical and non-technical

    Ability to build, configure, test and implement Cyber Security solutions

    Ability to consistently execute against tight deadlines with incomplete or ambiguous information in rapidly changing environments around data protection and privacy.

    Prior experience in managing RBI and bank audits