Lead - Information Security

Computers/Software | Trivandrum, Kerala | ReqID: 5984


Description

Roles and Responsibilities 
  • Serve as the primary point of contact for client security-related issues, escalating and resolving technical client escalation issues.
  • Act as the Client Assurance Subject Matter Expert (CA SME) in collaboration with the Service Management (SM) team.
  • Engage in and host client meetings to review deliverables, discuss requests, and provide high-level security expertise and support on existing controls and frameworks.
  • Assist with client management aspects, including questionnaires and timely responses to client queries and concerns.
  • Handle technical client escalation issues before reaching the Director CA, documenting and mitigating future escalations.
  • Provide technical support during the entire audit process, including following up on audit findings for remediation.
  • Proactively collect, document, and store evidence needed for client audits.
  • Engage SMEs from different business units through quarterly meetings.
  • Communicate client security control requirements to the SM team through regular training sessions.
  • Proactively engage SMEs to update the evidence library with new information.
  • Review FAQs for all business units annually and update with the latest information.
  • Develop and maintain customer-facing Security overview presentations.
  • Manage new vulnerabilities from external sources, internal penetration tests, or client notifications.
  • Identify the impact of vulnerabilities and generate initial communications for clients.
  • Attend real-time vulnerability calls for urgent issues and follow up on remediation progress.
  • Update and respond to technical issues raised by the RFP team.
  • Organize SharePoint folders for easy access to information and evidence.
  • Manage Jira updates and maintain accuracy in the CA Confluence space.
  • Review and update the Client Assurance Standard Operating Procedure after consulting with the team.
  • Coordinate SME support for client audits in collaboration with the CA Service Management team.
  • Train teams on security controls and processes monthly, storing sessions in an easily accessible location.
  • Educate the Service Management team on updates and new developments in the security space.
  • Coordinate training opportunities from SMEs for the team to learn different security controls.
  • Orchestrate the annual review with Compliance of company-wide Security information presentations.
  • Support client-facing teams in sales meetings and client communications requiring security specialist support.
  • Operate with urgency for fast turnaround in competitive situations.
  • Engage in SOC operations threat tracking.
  • Participate in incident management, change control meetings, and cloud migration initiatives. 

Requirements
    • Ability to prioritize tasks and make quick decisions, and a strong understanding of security controls and governance.
    • Bachelor’s degree in Computer Science, Engineering, Information Systems, Business, or other information security disciplines OR 7+ years of relevant professional experience in Information Security or IT Risk Management.
    • Desired: relevant information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) and GRC tools.
    • Understanding of legal and regulatory compliance standards and requirements for data and IT, including CIS, FERPA, Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, NIST, and COBIT.
    • Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; excellent interpersonal, verbal, and written communication, including good presentation skills.
    • Can multi-task, communicate clearly, learn new technologies and processes, and provide support to process/solution owners.
    • Can drive projects focused on continuous improvement and efficiencies in the organization. Is someone who takes initiative and doesn’t require continuous monitoring.
    • Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
    • Ability to understand technology, management, and leadership issues related to organization processes and problem-solving.
    • Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
    • Knowledge of information security program management and project management principles and techniques.
    • Knowledge of products that protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring, and logging mechanisms, etc.