Location: Pune, MH, India
Job ID: 1003337
• This position will give an opportunity to work for Information Security Governance on information systems, processes and technologies within the organization.
• This is a global role engaging stakeholders (at all levels) across geographies like India, Philippines and US
• This position will report to the Chief Information Security Officer and is expected to work independently on tasks assigned.
• This position requires:
o Managing and driving the Information Security Governance, Risk and Compliance function, which serves as the second line of defense.
o Hands-on experience in implementation of Security Governance framework.
o Works extensively on Vendor IT Security risk assessment/ Third Party Risk management
o Experience in performing Security audits and Risk Assessments in line with Information Security Standards (like ISO 27001) for Business processes and IT systems.
o Understanding on Legal & Regulatory requirements such as Data privacy, Intellectual property safeguards, Records Management etc.
o Knowledge about latest regulations, compliance, standards and procedures such as GLBA, SOX, ISO27000 Standards, CoBiT, COSO, FFIEC, etc.
o Ability to conceptualize Security Governance framework and have eagerness to assist Leadership with creation and implementation of Security Governance Policy Framework.
o Excellent verbal and written communication skills with a demonstrated ability to build and maintain relationships within the organization
o Ability to prepare Management Reports highlighting the security posture of the organization with regards to various security metrics defined inline with Enterprise Risk Management framework
o Strong proficiency in Microsoft Office applications (MS Excel, Word, PowerPoint etc.) with a general understanding of data analysis techniques
o Excellent organizational, skills, detail oriented, logical, and systematic with the ability to multi-task and drive projects to successful conclusion; must be able to gather and interpret relevant information; must have experience presenting conclusions in a clear and concise manner; with ability to work in a high value and strict deadline environment
JOB FUNCTIONS AND RESPONSIBILITIES
• Perform security reviews, evaluations, risk assessments, and monitoring on a regular basis to ensure exceptions and violations are identified and addressed.
• Perform and oversee Information Security Policy Framework
• Recommend appropriate corrective actions and remediation plans for risks identified
• Assist in developing the implementation of risk mitigation measures
• Create and manage multiple dashboard reporting mechanisms to facilitate improved communication and provide visibility on Security posture to Management and Senior Leadership
• Work with the Business functions to ensure security standards are in-line with Ocwen's risk management and information security policies
• Plan and execute vendor IT and Security audit programs in-line with Ocwen's risk management policies
EDUCATION / EXPERIENCE
• 9-12 years of progressive experience in one or more of the following: internal/external IT and business process auditing, sourcing advisory, vendor management roles
• Bachelor's degree from an accredited college / university. Management degrees MS, M. Tech or MBA in relevant field would be an added advantage.
• Preferred Certifications
o CGEIT or CISM
• Knowledge and understanding current DR planning techniques, industry standards and methodologies including BIA process, risk analysis procedures and RTO/RPO measurements preferred
• Demonstrated experience in conducting Risk Assessments for Vendors, Internal and External stakeholders
• Experience in Information Security or demonstrated knowledge on Information Security Operations
• Demonstrated experience in a multi-vendor environment
• Demonstrated experience in Cloud Security assessments on various Cloud platforms such as AWS, Azure, Oracle etc.
• Team handling experience
WORK SCHEDULE OR TRAVEL REQUIREMENTS
• 2 PM to 11 PM / 5 PM to 2 AM