Information Security Manager Vulnerability Assessment

Job description

<p><p><b>Job Description : </b><br/><br/>Company : Glan Management Consultancy<br/><br/>Location : Gurgaon<br/><br/>Experience : 7-15 year<br/><br/>Employment Type : <br/><br/><b>Job Description : </b><br/><br/>Job Title : Manager Information Security - IT</p><p><br/>Job Purpose : </p><p><br/></p><p>Acting in a key technical management & execution capacity to provide a conduit between IT teams and key business stakeholders in your functional area of IT Security to ensure information technology needs are managed consistently, following professional IT and global standards, and delivered with a high level of quality and customer satisfaction.</p><p><br/></p><p>Reward level : Middle Management</p><p><br/></p><p>Job Location : Gurgaon<br/><br/></p><p>Experience : 10+ years</p><p><br/>Relevant Experience : 7+ years</p><p><br/>Reporting to : General Manager<br/><br/></p><p>Qualification : Bachelor degree in IT<br/><b><br/></b></p><p><p><b>Key Deliverables : </b></p><p><br/><p>- Provide support as Lead auditor towards ISMS and PIMS policies, procedures, and guidelines and perform regular review and update.<br/>- Perform deep assessment to gather evidence of continuous compliance with ISO 27001 : 2022 and ISO 27701 : 2019, DPDPA, IT Act and Cert In Regulation including audit logs, records of reviews, timely closure of open audit and risks and sharing the report with management.</p></p><br/>- Conduct regular, documented information security and privacy risk assessments identifying assets, threats, vulnerabilities, likelihood, and impact with stakeholders.<br/><br/>- Prioritize identified vulnerabilities, detailed findings, remediation recommendations, trending reports on vulnerability posture towards closure with stakeholders.<br/><br/>- Development and implementation of a comprehensive, ongoing security awareness and training program for all employees.<br/><br/>- Encourage secure behaviours among colleagues and reinforce the importance of information security and privacy in daily operations.<br/><br/>- Prepare regular report on overall information security posture, GRC maturity, and risk landscape to relevant stakeholders<br/><br/>- Ability to collect lessons learned from incidents, audits, and assessments to drive continuous improvement in ISMS/PIMS and security processes.<br/><br/><b>Key Relationships :</b></p><p><b><br/></b></p><p>- Internal IT and business customers.<br/><br/>- Global IT Vendor, market and global (HQ) colleagues, Local vendor partners<br/><br/>- Internal staff - direct reports (where applicable)</p><p><br/>- IT vendors, contractors (where applicable)<br/><br/><b>Knowledge Skills and Abilities : </b><br/><br/>- Must possess and demonstrate ISO 27001 Lead Implementer/Auditor and ISO 27701 Lead Implementer/Auditor certifications and knowledge.<br/><br/>- In depth understanding of IT Act, DPDPA, Cert In regulations, CIS Controls as well as UK DPA and ISO 31000<br/><br/>- Good to have certification on CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) and Cloud Security certifications (e.g., CCSK, CCSP, vendor-specific like AWS Security Specialty)<br/><br/>- Familiarity with common vulnerability scanning tools like Qualys (features, reporting, agent-based vs.

network scans) and Cloud Security Posture Management (CSPM) tools like Wiz (cloud service provider configurations, misconfigurations, compliance checks in AWS, Azure, GCP).<br/><br/>- Understanding of various penetration testing types (e.g., network, web application, API, mobile, cloud) and methodologies<br/><br/>- Knowledge of common attack vectors and exploitation techniques like MITRE ATTACK and DEFEND framework.<br/><br/>- Basic to intermediate knowledge of common security controls and technologies (e.g., firewalls, EDR, Cloud Security, VAPT tools, SIEM, WAF, DLP, encryption).<br/><br/>- Understanding of network protocols, operating systems (Windows, Linux), and common application architectures.<br/><br/>- Knowledge of audit principles and practices (internal and external audits).<br/><br/>- Understanding of corrective action planning and non-conformity management.<br/><br/>- Understanding of third-party risk management principles and vendor due diligence processes.<br/><br/>- Excellent technical writing skills for creating clear, concise, and comprehensive security policies, standards, and procedures.<br/><br/>- Ability to analyse complex risk data and present actionable insights.<br/><br/>- Hands-on experience with Qualys for configuring scans, analysing reports, and managing vulnerabilities.<br/><br/>- Hands-on experience with Wiz CSPM for monitoring cloud environments, identifying misconfigurations, and generating compliance reports.<br/><br/>- Proficiency with GRC platforms or tools for managing policies, risks, and controls<br/><br/>- Exceptional verbal and written communication skills to articulate complex security concepts to technical and non-technical stakeholders<br/><br/>- Ability to build strong relationships and collaborate effectively with diverse teams (IT, Legal, HR, Development, Business Units).<br/><br/>- Skills in influencing behaviour and driving change across the organization to improve security posture.<br/><br/>- Strong analytical skills to diagnose security issues, identify root causes, and develop effective solutions.<br/><br/>- Ability to critically evaluate security controls and identify gaps.<br/><br/>- Contract review and negotiation skills specifically for security-related services.<br/><br/>- Ability to effectively manage vendor relationships and performance.<br/><br/>- Ability to develop and deliver engaging security training sessions and awareness campaigns.<br/><br/>- Ability to stay updated with the latest security threats, vulnerabilities, technologies, and regulatory changes.<br/><br/>- Capacity to quickly learn and adapt to new tools and methodologies.<br/><br/>- Meticulous attention to detail in policy creation, audit documentation, and vulnerability analysis.<br/><br/>- Ability to act calmly and effectively during security incidents and contribute to incident response efforts.<br/><br/><b>Key Skill : </b><br/><br/>information security manager, IT security, ISO 27001 LA, ISO 27001 LI, ISO 27001 LI/LA, ISO 27701, ISO 31000, internal auditor, DPDPA, CISM, compliance ISO 27001 : 2022<br/><br/><b>Job Type : </b> Full-time</p><br/></p> (ref:hirist.tech)

Required Skill Profession

Computer Occupations