Manager IT Cybersecurity and GRC

:

Job Title: Manager IT Cybersecurity and GRC

Exp – 8 to 12 years (Max)

Work Location: Bangalore, India

Job Type: Permanent

Your Role

Lipton is a global organisation with operating in over 100 countries. The information security department is responsible for ensuring the protection of every aspect of the IT business. This includes intellectual property from R&D, OT systems in manufacture and supply chain, Personal and confidential business data in each region, plus our customer data and PCI infrastructure for our online and physical stores.

You are responsible for delivering compliance to internal and external standards, frameworks, and attestations. You will be working across the business units, providing them regional and international risk and regulatory guidance. As an experienced Information Security & Risk Manager you will have a good understanding of IT controls and risk management. With an

exceptional level of attention to detail you will be an expert in data privacy and data protection, which is supported by your robust GDPR knowledge and ISO27001 implementation experience. In addition, you will oversee technical design reviews and be a member of the change control board.

You will be required to support the CISO with cyber program, projects, reports, and related initiatives. Plus, perform additional duties such as managing all functions of Cybersecurity, Cloud Security, technical design reviews, architecture, training, and awareness.

This role is crucial for protecting the organization's critical infrastructure and ensuring the security of its IT/OT systems.

Your Key Tasks
• Develop and implement security policies, protocols, and procedures for IT and OT environments to create a robust Security Governance framework.
• Lead the Security incident response and recovery procedures, such as incident identification, analysis, containment, eradication, and reporting in coordination with vendor partners (MSSP).
• Provide reports on Security Metrics, third party risk, risk register, industry events, gap analysis, and roadmap maturity progress.
• Develops and maintains the strategic risk register.
• Drive the implementation of our ambitious information security roadmap and support the CISO.
• Responsible for managing Information Security Governance, Risk, Compliance, and Assurance activities.
• Manage and maintain an Information Security & Risk framework.
• Support the information security team in monitoring security systems and generating reports on security incidents, vulnerabilities, and compliance status.
• Engage in developing, reviewing, implementing Disaster recovery plans and program.
• Coordinate with IT/OT functions, Auditors during audits and assessments.
• Handle Data Privacy operations, including conducting Data Protection Impact Assessments (DPIA) and Transfer Impact Assessments (TIA).
• Conduct training sessions and awareness programs to educate employees about cybersecurity best practices.
• Perform Security testing and auditing in IT/OT Systems, such as penetration testing, vulnerability scanning, and risk assessment by reviewing Microsoft 365/Azure Security and Compliance Dashboards.

Skills and Experience
• Experience designing and delivering secure technology solutions.
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection.
• Strong reporting, analytical skills, including demonstrated experience identifying and quantifying risk and providing effective resolutions.
• Experience in a senior compliance or information security role.
• Proven track record of appropriately managing security and risk related incidents.
• Experience of Azure Cloud Security, Network Security, Microsoft Security Stack.
• Vendor Management
• Knowledge of VAPM & VAPT.
• Understanding of GDPR, NIS2, ISO 27001, DORA

Qualifications
• Information Technology, or related degree (Required)
• CISM (Desirable)
• CISSP (Desirable)
• CRISC (Desirable)
• ISO27001 Lead Implementor (Desirable)