Senior Manager Information Security - Cape Town
Salary Negotiable
Cape Town,
Western Cape
more than 14 days ago
Primarily responsible for
• Ensuring implementation and compliance to EXL’s information security policies (ISO27001), associated regulations and standards
• Facilitate external audits, SAS 70 reviews, rating agency reviews and customer audits, and actively project-manage the remediation of audit findings
Performance Parameters
• Maturity of Information Security at EXL
• Compliance to Information Security policies, standards and processes
• Security incident management
• Client relationship management (facilitate external audits, SOX / SAS 70 reviews, rating agency reviews and customer audits)
Role Responsibilities
• Serve as internal information security consultant to the organization. Responsible for security planning and effectively managing information security risks within the operating environment
• Define information security policies, standards and processes for the organization
• Implement, manage and report on adherence to information security policies & standards
• Conduct and also perform reviews of overall information security risk assessments and associated activities including threat & vulnerability
analysis, risk identification and review / approve security plans
• Identify, and report any gaps and issues in risk assessment, risk mitigation, control implementation, testing and monitoring and updating processes
• Facilitate external audits, SAS 70 reviews, rating agency reviews and customer audits, and actively project-manage the remediation of audit findings
• Understand Corporate Incident Management process and requirements, and in the event of an incident work closely with corporate security teams
• Provide direct training and oversight to all employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information security clearance in accordance with established organizational information security policies and processes
• Initiate, facilitate, and promote activities to create information security awareness within the organization
Primary Internal Interactions
• Technology Group
• DRP / BCP teams
• Corporate functions viz., Internal Audit, HR, Facilities, Finance, Legal, etc
Primary External Interactions
• Client / Client Auditors
• Security product and service vendors
Qualification
Minimum Graduation (Science and Engineering Background Only)
One or more of the following certifications: CISSP / CISA / CISM / ISMS Lead Auditor
Experience
Total Experience: 7-9 years
4-6 Yrs of experience in the field of security consulting and / or security audits for large corporate/BPO with multiple sites. Experience and knowledge on ISO27001, SOX, SAS70, information security audits, security policy & process development, etc. Experience and knowledge of multiple operating systems, databases, networks, ERP, etc
Risk Management experience in either:
Implementation of ISO27001 Information Security Management Systems (ISMS) and / or Security control framework based on:
· COBIT or GCC (general computer controls) for SOX404 compliance
· SAS 70 Audit requirements
Competencies
• Strong domain understanding of offshore technology sectors and / or business operations
• Capable of managing project tasks individually and as a team
• Ability to document and explain technical details in a concise & understandable manner
• Excellent client relationship management skills
• Excellent oral and written communication skills
• Excellent Presentation & Public speaking skills
• Ensuring implementation and compliance to EXL’s information security policies (ISO27001), associated regulations and standards
• Facilitate external audits, SAS 70 reviews, rating agency reviews and customer audits, and actively project-manage the remediation of audit findings
Performance Parameters
• Maturity of Information Security at EXL
• Compliance to Information Security policies, standards and processes
• Security incident management
• Client relationship management (facilitate external audits, SOX / SAS 70 reviews, rating agency reviews and customer audits)
Role Responsibilities
• Serve as internal information security consultant to the organization. Responsible for security planning and effectively managing information security risks within the operating environment
• Define information security policies, standards and processes for the organization
• Implement, manage and report on adherence to information security policies & standards
• Conduct and also perform reviews of overall information security risk assessments and associated activities including threat & vulnerability
analysis, risk identification and review / approve security plans
• Identify, and report any gaps and issues in risk assessment, risk mitigation, control implementation, testing and monitoring and updating processes
• Facilitate external audits, SAS 70 reviews, rating agency reviews and customer audits, and actively project-manage the remediation of audit findings
• Understand Corporate Incident Management process and requirements, and in the event of an incident work closely with corporate security teams
• Provide direct training and oversight to all employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information security clearance in accordance with established organizational information security policies and processes
• Initiate, facilitate, and promote activities to create information security awareness within the organization
Primary Internal Interactions
• Technology Group
• DRP / BCP teams
• Corporate functions viz., Internal Audit, HR, Facilities, Finance, Legal, etc
Primary External Interactions
• Client / Client Auditors
• Security product and service vendors
Qualification
Minimum Graduation (Science and Engineering Background Only)
One or more of the following certifications: CISSP / CISA / CISM / ISMS Lead Auditor
Experience
Total Experience: 7-9 years
4-6 Yrs of experience in the field of security consulting and / or security audits for large corporate/BPO with multiple sites. Experience and knowledge on ISO27001, SOX, SAS70, information security audits, security policy & process development, etc. Experience and knowledge of multiple operating systems, databases, networks, ERP, etc
Risk Management experience in either:
Implementation of ISO27001 Information Security Management Systems (ISMS) and / or Security control framework based on:
· COBIT or GCC (general computer controls) for SOX404 compliance
· SAS 70 Audit requirements
Competencies
• Strong domain understanding of offshore technology sectors and / or business operations
• Capable of managing project tasks individually and as a team
• Ability to document and explain technical details in a concise & understandable manner
• Excellent client relationship management skills
• Excellent oral and written communication skills
• Excellent Presentation & Public speaking skills