Manager - IT

Application Risk Management Consultant

Act as the functional specialist for Cyber Security Risk Management (CSRM):

·        Advanced knowledge on various Risk Methodologies – Octave, ISO31000 etc.

·        Adopt, Define, Implement, evolve the risk framework for the Organization.

·        Conduct / Facilitate smooth conduct of Risk Assessment on Applications, Network& Systems.

·        SME Knowledge on conducting data security and privacy assessments.

·        Proactively review Indigo’s information security and related risks threats and vulnerabilities & compliances (ISO,PCIDSS, SOC1/2 , SSAE etc.)

·        Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the CSRM requirements and its implementation methodologies.

·        Work with Project Managers, Business Analysts, Architecture and Support Team to ensure Indigo’s CSRM standards are being followed.

·        Responsible for Cyber security and Data Privacy awareness

·        Actively participate in reviewing and improving the data Security and privacy controls implemented in the organization.

·        Active participation in the Assurance and Architecture level discussions in the engagements.

·        Serves as CSRM entity for creating Security awareness sessions both scheduled (Induction) and ad-hoc ones.

Requirements

·        Good understanding of, and experience with Information Risk Management, Audit (internal and external), and Business (IT) Controls.

·        Advanced understanding of internal and external IT security standards, PCI standards and relevant legal compliance aspects like GDPR, Various compliances like ISO, BSI etc.

·        Robust understanding of, and solid experiences with the impact of CSRM on application development and operations as well as the IT Infrastructure.

·        Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network across Group businesses, as well as with external groups.

·        Technical knowledge & relevant experience in security domains /technologies related to:

Infrastructure/Network security

Data Privacy and Business Impact Assessment - PCI DSS, Privacy Principles, GDPR etc.

Data Classification discussions with business.

·        Driving Platform / Application security and compliance as part of Project Engagement.

·        Ability to foresee and identify mitigation strategies for Risks Candidate must also:

Display excellent communicating and influencing skills

Display analytical and problem solving skills

Be pro-active and self-motivated

·        A qualification in CISA, CRISC or CISM Experience

·        Must have previous experience in an (Information/Cyber) Risk Management team.

“IndiGo never asks for money for interview or hiring.

Refer to our job website - or for official job postings”

#LI-6ERECRUIT