Regional Security Manager

Job Description

The Regional Security Manager (India) will directly report to the Director, Information Security Governance, Risk & Compliance and IAM and will be responsible for:
• Providing security oversight for all functions related to the Information Security program that pertain to the India RMS office(s)
• Working as part of the GRC team to conduct periodic internal security audits, reviews, and oversight across the global RMS business, including local India operations
• Support varied ongoing platform (Cloud, Identity, Data) governance & risk assessment activities
• Playing a key role in the annual (re)certification of all RMS platforms, products, and services
• Providing day-to-day management, guidance and ensure teamwork across the various Information Security positions based out of India, including supporting review processes, and hiring practices
• Coordinating and managing security issues and incidents within the region for escalation or handoff to ensure a follow-the-sun support and response model
• Define and operationalize RMS s risk management program and work with the business and technology teams to support with risk identification, tracking and remediation
• Supporting the appropriate application of policies control standards and procedures
• Participating in key business projects within the region to assure that security standards are maintained while meeting the business requirements
• Preparing, coordinating, and conducting security training courses and site risk assessments
• Partnering with functional teams and IT peers to ensure information security controls meet intended security objectives
• Partnering with the Facilities team to ensure all offices have appropriate security coverage, plan security infrastructure and support
• Developing and implementing effective local policies and procedures to ensure processes and procedures are in place to deal with a wide variety of Security and Business Continuity situations.
• Supporting IT audit procedures relevant to ISO 27001, SOC 2, C5, SOX, Hitrust and other international data protection or privacy-related regulations, such as GDPR, CCPA, IS 17428 etc.
• Supporting GRC efforts to implement and manage an Identity and Access Management Program to ensure appropriate authorization to key resources, including the development of a Role Based Access Control and Role Review process.
• Supporting and managing an ISO compliant technical program to ensure appropriate security controls are baked into core business operations. E.g. IAM, BCP, DevSecOps, Training, Auditing, Configuration Management, Encryption, etc.
• Support developing training programs and FAQs related to data protection, privacy and secure data handling procedures
• Providing oversight and guidance for periodic security assessments (Internal Audits) to ensure compliance with information security policies and established security controls
• Support activities related to Risk Register, Policy Exception Tracking, and Security Dashboard processes, standards, and components
Qualifications
• At least one security-related certification, such as CISA or CISM, preferred.
• Minimum 5+ years of experience in Information Security with an emphasis on IT audit, IT risk management and/or IT compliance.
• Excellent analytical, technical, and internal audit skills
• Excellent organizational and documentation skills
• Strong project management skills highly desired
• Experience in testing, monitoring, and reporting on internal controls (background in control design is a plus)
• Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 270001 and SOC 2, C5, GDPR and IS 17428
• Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects happening simultaneously.
,

Keyskills :
iso 27001it riskit risk managementsopsecurity operationsit auditsafetyhedge funds