Manager - Information Security

 Facilitate implementation of various standard, regulatory and compliance requirements such as ISO27001, SSAE18, PCI DSS, HIPAA etc. as applicable to the engagement  Support for responding to information security related request for information/ proposals (RFI/RFPs), review master services agreements and any renewals or amendments for the engagement  Analyze data generated during ongoing information processing activities to generate information security metrics that indicate the level of risk to the engagement

 Perform compliance testing and facilitate remediation for implementation of the Infosys Information Security and Compliance Unified Reporting Framework for Engagements (I-Secure) for the dedicated engagement by working with all relevant stakeholders  Document and ensure management of information security risks arising out of periodic security due diligence reviews  Drive process improvements for the engagement in the area of information security  Provide SME support in handling client reported security incidents and ensure timely closure of the raised incidents and submission of Root Cause Analysis (RCA) by various with various internal stakeholders such as the security incident management team (SIMT)within ISG  Communicate information security incidents to client within stipulated time frame as per the contract and track closure of all reported security incidents

 The candidate shall have at least 6-7 years’ experience in Information Security Governance, risk and compliance management with strong data and network security concepts. The candidate shall have vast experience in the areas of Risk Management, Governance, Compliance, Security policy and Metrics.  The candidate should possess excellent technical, analytical, troubleshooting and problem solving skills. The candidate is expected to work as an individual contributor and shall have excellent communication and collaboration skills.  The candidate shall possess thorough understanding and have experience in implementation of ISO 27001:2013, SSAE 18 SOC 1 & SOC 2, PCI DSS, HIPAA & other industry recommended standards and regulations.