Manager/ Sr. Manager - IT Risk & Information Security

Disha HR Services Pvt. Ltd
  • Mumbai
  • 12-22 lakh
  • 9-14 years
  • 27 May 2016

  • IT/ Information Technology

  • IT/ Technology - Software/ Services
Job Description

Role Holder Requirements:

Educational Qualifications

Graduate degree and/or MBA, or other equivalent qualification.

10 to 15 years' experience in IT, of which more than 8 years in IT Risk Management/Information Security.

Desirable Certifications: CISA/CISM/CISSP/ISO27001LA/CRISC

Skills Required

Expertise in all aspects of Risk Management including identification, analysis, mitigation, reporting, awareness, Incident Management and Response, GRC, audit and compliance.

Must possess excellent team and vendor management skills, and proven ability to communicate IT Risk posture to executive management by means of ongoing reporting, tracking, monitoring etc.

Experience in managing strategic outsourcing projects especially in the information security domain

Experience in driving pan-organization initiatives and managing large programs

Knowledge of GRC tools and automation of risk management processes

Proven ability to develop KPIs, Metrics, Dashboards, Heat maps etc. for monitoring and reporting risks for operational as well as senior management consumption

Experience in maturing various operational processes to increase their efficiency and effectiveness

Knowledge of risk assessment of Business and IT processes, BCP/DR, projects etc. and developing suitable mitigation plans for the same.

Understanding of technical risks and experience in overseeing assessments such as VA/PT/Appsec/Security Architecture review etc.

Experience in tracking latest threats and responding to them in a timely manner.

Knowledge of Advanced Persistent Threats (APT), anomaly detection systems, SIEM, and log management solutions

Knowledge of Identity & Access Management, privileged identity and access management, and data security products such as DLP, Digital Rights Management (DRM), Database Activity Monitoring (DAM) etc.

Exposure to software license management and compliance processes

Sound understanding of Data, Application security and secure SDLC framework

Experience in managing Security Operations Center (SOC) and Incident response


Demonstrate collaborative work ethics and enterprise-wide mindset in the performance of duties.

Ability to drive change across various business and technology functions

Promote a strong culture of control awareness and risk mitigation in all dealings with the Technology and Business.

Provide focus and clarity in establishing individual goals, driving performance management, supporting career development and rewarding strong performance.

Excellent communication and presentation skills

Well-developed impact and influence skills

Proven track record of building strong relationships across business functions

Strong vendor management skills

Roles & Responsibilities:


Responsible for managing IT Risk Operations including Process, Technology, Cyber Security, Audit, Legal and regulatory compliance. Candidate should be a subject matter expert on IT Risk Management with proven leadership capability to manage and drive risk management processes at pan-organization level including business functions.


Manage various IT Risks including identification and closure.

Provide effective oversight of risk management practices by deploying effective and efficient processes.

Responsible for all risks including process, technical, and incident based.

Contribute to and support the execution of IT Risk management programs.

Publish monthly reports to CTO/Senior management. Participate in the governance/review activities for various initiatives including those of business ensuring that existing and emerging IT Risks are identified and mitigated in a proactive manner.

Manage vendors as part of strategic outsourcing assignments.

Oversee various risk assessments such as Business Process Reviews/VA/PT/Appsec etc.

Responsible for Security Incident Response.

Responsible for overseeing 24x7 Security Operations Center (SOC)

Engage with stakeholders such as business teams, IT operations teams, application development teams etc. for driving risk closures.

Responsible for defining and enforcing security policies, standards/guidelines and reporting compliance to policies

Establish effective monitoring practices to ensure adherence to the IT risk management framework and policy.

Liaise with senior executive management on matters related to IT Risk.

Key Relationships

Reports to Head IT Risk & Compliance

Technology senior and executive management

Management & Executives within the business

Counterparts in other financial institutions involved in IT Risk Management


Competencies/Skill sets for this job

Security Risk Management Information Security IT Risk Data Security
