Soma Capital Portfolio Jobs

Information Security Officer

Karbon Card

IT
Bengaluru, Karnataka, India
Posted on Nov 22, 2024
Job Description

Position Summary:

The Information Security Officer is responsible for establishing and maintaining the enterprise vision, strategy, and program that ensure information assets and technologies are adequately protected. The officer responds to incidents, establishes appropriate standards and controls, manages security technologies, directs the establishment and implementation of policies and procedures, and builds a security architecture aligned with business goals.

Key Responsibilities

Strategic Leadership:

  • Develop and implement a strategic, long-term information security strategy and roadmap to ensure that information assets are adequately protected.
  • Establish and maintain a framework to ensure that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.

Risk Management

  • Identify, assess, and prioritize information security risks and implement mitigation strategies.
  • Develop and maintain an information security risk management program that includes threat modelling, vulnerability assessments, and risk assessments.
  • Monitor and report on risks and the effectiveness of risk management processes.
  • Conduct business impact analyses and build business continuity and disaster recovery (BCP/DR) plans in alignment with each department.

Policy Development

  • Establish, maintain, and enforce a group-wide information security management program to ensure that information assets are adequately protected.
  • Develop, implement, and maintain policies and procedures that govern the security of data and information systems.

Incident Response

  • Lead the response to security incidents, including the investigation of violations and the implementation of corrective actions.
  • Develop and oversee incident response planning, as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches.

Compliance And Governance

  • Ensure compliance with relevant legal, regulatory, and contractual requirements.
  • Oversee the development and implementation of security programs that address security objectives, including audit reviews, risk assessments, vulnerability assessments, and compliance assessments.

Technology Management

  • Evaluate new security technologies and make recommendations for adoption. Oversee the selection, implementation, and operation of information security technologies.
  • Direct and approve the design of security systems.

Team Leadership

  • Build, develop, and manage a high-performing information security team.
  • Provide leadership and mentoring to the information security staff.
  • Manage security budgets and monitor costs, ensuring they are within budgetary limits.

Collaboration

  • Work closely with other executives to prioritize security initiatives and spending based on appropriate risk management.
  • Collaborate with internal and external auditors to ensure compliance with policies and controls.

Training And Awareness

  • Develop and implement a security awareness program to educate the organization on security best practices and policies.
  • Conduct training sessions for employees on various aspects of information security.

Audit Planning And Execution

  • Design and implement audit plans that ensure thorough assessment of security controls.

Qualifications

Education:

  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field.

Experience

  • Minimum of 3-4 years of experience in information security and IT risk management, with at least 2 years in a team management or leadership role.
  • Proven experience in developing and implementing information security strategies and programs.
  • Experience in ISO 27001, SOC 2 Type I, and SOC 2 Type II audits.
  • Proficient in control assessment, audit planning, and reporting.

Certifications

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CISA, or similar certifications are highly desirable.

Skills

  • Strong knowledge of information security management frameworks (e.g., ISO/IEC 27001, NIST).
  • Knowledge of information security regulatory requirements under laws such as GDPR, DPDP, the IT Act 2000, CICRA, and US data privacy laws is preferred.
  • Strong communication skills, with the ability to convey complex information security concepts to non-technical stakeholders.
  • Extensive experience in security policy development, risk management, and incident response.
  • Excellent leadership and management skills, with the ability to lead and motivate a team.
  • In-depth understanding of the latest security principles, techniques, and protocols.