About the Role:

- We are seeking experienced information and cybersecurity risk specialist to deliver a range of activities associated with the discharging of Information security line responsibilities. This role will support the Information Security Office in governance and risk function within the Organization
- This role will have considerable engagement with all business units and other stakeholders across the Organization
- Provide support and clarity to users of the information and cybersecurity policy framework answering related questions and challenges as they arise
- Carry out weekly Information Security awareness sessions for new joiners and such session on ad-hoc basis for various departments based on requests
- Develop and deliver communications, awareness and engagement campaign
- Perform Risk Assessments and identify mitigation measures. Drive control implementation to bring the residual risk within the risk appetite
- Create and maintain monthly Information Security metrics and report it to Information Security Officer
- Act as Deputy Information Security Officer
- Carry out day-to-day tasks related to Information Security w.r.t. managing Administrative rights, Information classification, access recertification
- Carry out internal audits based on MBAG Cyber Security framework and perform spot checks for clear desk policy
- Govern the Vulnerability, Patch, AV management functions to ensure KPIs are met
- Follow up and ensure Applications are complying to the required Security standards
- DLP – Design, Deployment, Configuration & Monitoring, System management and contingency planning
- Respond to Information Security Incidents and manage Request and Incident queue for ISO
- Strong ability to drive multiple workstreams in parallel within GRC
- Improve controls for internal systems, processes, and policies
- Understand technical implementation details necessary to assess general and situational Information Security risk
- Responsible for the development and oversight of required mitigation plans relating to information security risk and policy exceptions
- Involve in Internal/ External audits for InfoSec areas Governance Operations
- Carry out Third party supplier Information Security audits
- Effectively and collaboratively, identify, escalate, mitigate and resolve risk, conduct, and compliance matters
- Implement and maintain the Security Management System based on ISO 27001

Experience and Qualifications:
- 8+ years’ experience in information systems security and IT Risk Management
- Knowledge of pragmatic security controls across all security domains such as logical and physical access management, system development security, encryption methods, vulnerability management, network security, etc.
- Demonstrated leadership experience working and communicating at executive levels
- Experience developing and producing security metrics and reports that are meaningful and actionable across various audiences
- Effective communication, negotiation and problem solving skills
- Experience working with Internal and External Audit teams
- Proactive and detail orientated team player
- Excellent project management skills
- Eagerness to learn new things and discover emerging and new data trends
- Advanced security certifications like ISO 27001 LA, CISM, CISA, CISSP, CRISC preferred
- Experience working in a R&D environment a plus