GAIN

Information Security Manager

Company: GAIN
Employment type: full-time
Location: India
Job level: Mid-Level / Senior

About the role

  • Own the Statement of Applicability (SoA), mapping controls to Annex A and ensuring evidence of both control design and operating effectiveness.
  • Plan and execute the internal audit programme; coordinate surveillance and recertification audits; manage corrective and preventive actions.
  • Maintain the policy framework (classification, access control, cryptography, secure development, change management, supplier security, etc.) with robust document control.
  • Own the risk management cycle: identification, assessment, treatment plans, residual risk acceptance, and risk register maintenance.
  • Manage communication of the ISMS to all interested parties: training, processes and documentation for employees; reporting of measurement against objectives to senior leadership; and responses to client information security questionnaires.
  • Play a key role in the assessment, review and continuous monitoring of supplier organisations and technology partners.
  • Maintain the Incident Response Plan and runbooks; lead incident handling, forensics coordination, and post-incident reviews.
  • Align security with Business Continuity and Disaster Recovery, e.g. RPO/RTO requirements, backup/restore testing, and resilience of critical suppliers.
  • Define and report security KPIs to the Information Security committee, e.g. patch compliance, incidents, risks, phishing fail rate, control coverage, and audit findings.
  • Work with IT, Operations, Engineering and wider business units to help identify risks and to scale good practice.

Requirements

  • 5+ years in information security with hands-on ownership of an ISO 27001 ISMS.
  • Proven experience delivering Cyber Essentials Plus from scoping through remediation and assessment with an IASME-accredited assessor.
  • Industry certification such as ISO 27001 Lead Implementer or Lead Auditor, CISSP, CISM, CCSP, or NCSC CCP.
  • Strong grasp of ISO/IEC 27001:2022 and ISO/IEC 27002:2022 controls, risk management, internal audit, and management review.
  • Able to translate security risk into business impact and influence stakeholders at all levels.