The Senior Information Security Management Specialist is an advanced subject matter expert who plays a crucial part in overseeing the organization's information security program, with a focus on cybersecurity and policy management. This role involves managing the overall ISMS, leading risk assessments, developing information security policies, ensuring alignment with industry standards and regulations, and fostering a culture of information security awareness among employees.
Key Responsibilities:
- Ensures compliance with and maintenance of the ISO 27001:2022 standard, as well as all information security requirements arising from laws, regulations, client requirements, and NTT DATA and Group requirements, including active participation in internal and external ISMS audits.
- Leads risk assessments and gap analyses to identify vulnerabilities and recommends risk mitigation strategies.
- Develops and maintains information security policies, standards, and procedures.
- Collaborates with legal and compliance teams to ensure adherence to regulatory requirements.
- Provides guidance and support to junior information security team members.
- Assists in the creation and delivery of information security awareness and training programs.
- Participates in information security incident response activities as needed.
- Contributes to the continuous improvement of the information security program.
- Assists in policy management and refinement.
- Conducts information security audits and gap assessments, and manages external certification and customer audits.
- Performs any other related task as required.
Knowledge and Attributes:
- Advanced understanding of information security frameworks and standards.
- Advanced proficiency in conducting risk assessments, analyzing security controls, and policy management.
- Excellent communication and interpersonal skills for collaborating with various stakeholders.
- Strong project management skills for handling security initiatives.
- Advanced familiarity with aspects related to information security.
Knowledge and application:
- Applies advanced, wide-ranging experience and in-depth professional knowledge to develop and resolve complex models and procedures in a creative way.
- Directs the application of existing principles and guides development of new policies and ideas; determines own methods and procedures on new assignments.
Problem solving:
- Understands and works on complex issues where analysis of the situation or data requires an in-depth evaluation of variable factors; solutions may need to be devised from limited information.
- Exercises judgment in selecting methods and in evaluating and adapting complex techniques and evaluation criteria for obtaining results.
Interaction:
- Frequently advises key people outside own area of expertise on complex matters.
Academic Qualifications and Certifications:
- Bachelor's degree or equivalent in Information Technology, Computer Science, or a related field.
- Information Security certifications such as ISO 27001 Lead Auditor/Implementer, CISM, CRISC, CEH, COBIT or equivalent preferred.
Required experience:
- Must have 8 - 10 years of experience related to Information Security/Cybersecurity.
- Advanced experience in information security and in managing and conducting audits.
- Advanced experience in leading risk assessments, compliance efforts, security awareness initiatives, and policy management.
Work Conditions and Other requirements:
- Travel required 20% of the time.
- Perform work from a remote location with a stable internet connection.