Senior Manager-Information Security

Company Description

About Sopra Steria
Sopra Steria, major Tech player in Europe recognised for its consulting, digital services and software development, helps its clients drive their digital transformation and obtain tangible and sustainable benefits. It provides end-to-end solutions to make large companies and organisations more competitive by combining in-depth knowledge of a wide range of business sectors and innovative technologies with a fully collaborative approach. Sopra Steria places people at the heart of everything it does and is committed to putting digital to work for its clients in order to build a positive future for all. With 50,000 employees in nearly 30 countries, the Group generated revenue of €5.1 billion in 2022.
The world is how we shape it.

Job Description

Senior Manager - Information Security
Experience: 12+ years
Location: Noida

Candidate Profile:

Should have in-depth understanding of ISO 27001:2013, ISO 27001:2022, GDPR, DPDP Act, and other equivalent standards and Information Security Management System (ISMS) implementation for the organization.

Should be well versed with firewalls, proxies, SIEM, antivirus, and IDPS concepts. Should have decent understanding of Application Security.

Should know Cloud Security best practices and assessment (crypto specifics HSM & Vaults).

Should have strong understanding of NIS2, MITRE ATT&CK Framework, OWASP Standards, etc.

Should be able to:

- Formulate new and evolve existing policies with respect to changing technologies and business dynamics

- Understand business needs and risks assessment, in order to ensure appropriate security controls

- Perform effective ISMS audits on IT Projects, internal systems and third-party audits, w.r.t., ISO 27001:2022, NIS2, MITRE ATT&CK Framework, OWASP Standards as required in order to maintain compliance and certifications

- Coordinate the information security compliance initiatives across the organization

- Work with organizational Functions/Delivery accounts to ensure employees are aware of information security issues, are trained in information and data security best practices, and are practicing safe/secure data collection, data transfers and storage, and use of social media, mobile devices, and apps, among others

- Work with Support functions in managing and improvising the information security management system, by monitoring internal systems to ensure that appropriate controls are maintained

- Track, report and escalate violations of information security policy

- Investigate Information Security incidents and data breaches, and implement additional controls as and when necessary

- Building awareness and competences in the area of Information Security and Data Protection for new and existing employees

- Strong understanding of privacy regulations such as GDPR, Draft India Data Protection Bill and privacy frameworks

- Should have experience in at least 3 end to end privacy assessment & implementation projects (GDPR, DPDP, other country specific regulations)

- Interview client stakeholders and develop project artifacts such as Privacy Impact analysis, data flow diagrams & identify gaps

-  Experience in implementation and use of privacy enhancing technologies and design of data privacy framework.

Qualifications

B. Tech., Science Graduate

Additional Information

At our organization, we are committed to fighting against all forms of discrimination. We foster a work environment that is inclusive and respectful of all differences.

All of our positions are open to people with disabilities.