QualityKiosk Technologies Pvt. Ltd.
Website: qualitykiosk.com
Job details:
About the Company
QualityKiosk Technologies is a global leader in Quality Engineering (QE) & Digital Transformation, serving 325+ clients worldwide across 25+ countries with a workforce of 4,000 employees. We empower leading brands in banking, insurance, retail, e-commerce, telecom, automotive, OTT, and more to achieve their transformation goals.
Responsibilities
- Assist the CISO in developing, implementing and monitoring a comprehensive enterprise information security and IT risk management program that protects the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
- Assist the CISO in developing, maintaining and publishing up-to-date information security policies, standards and guidelines, together with any client-specific requirements pertaining to information security.
- Oversee the approval, training, and dissemination of security policies and practices.
- Create, communicate and implement a risk-based process for RBAC and TPRM, including the assessment and treatment of risks that may arise from partners, consultants and other service providers.
- Contribute to creating and managing information security and risk management awareness training programs for all employees, contractors and approved system users.
- Work directly with the business units to facilitate IT risk assessment and risk management processes and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
- Provide regular reporting to the CISO on the current status of the information security program.
- Provide infosec / risk guidance for implementing IT projects, including the evaluation and recommendation of technical controls. Coordinate information security risk management projects with resources from the IT organization and business unit teams.
- Ensure that security programs comply with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
- Oversee effective Disaster Recovery, BCP and WFH policies and standards to align with enterprise business continuity management program goals.
- Define KPI/metrics and reporting framework to measure the efficiency and effectiveness of the ISMS program.
- Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required.
- Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
- Liaise with Business Units and IT in understanding and responding to security audit observations or non-conformities reported by auditors.
- Assist the CISO in managing security issues and incidents and participate in problem and change management forums. Ensure timely reporting of ICT security incidents and adequate participation in their investigation with customers, regulatory agencies and law enforcement agencies as applicable.
- Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation. Work with the IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
- Provide necessary guidance and consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software. Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyse its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
- Develop a strong working relationship with the Infosec team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
- Oversee and execute critical Information Security and Risk Management functions, including Change Management to ensure controlled and secure modifications across systems, and Incident Management, Response and Remediation to swiftly address and resolve security events. Maintain Platform Security and Compliance in alignment with regulatory and organizational standards, and manage PII Data Purging to safeguard sensitive information. Further responsibilities include Dark Web and Social Media Monitoring to proactively identify potential threats, Infosec Ticket Management for efficient tracking and resolution of security issues, Exception Management to handle deviations from established policies, and continuous Email DLP Monitoring to prevent data leakage and ensure secure communication channels.
- Conduct Security Reviews and Assessments across applications, infrastructure and network environments to ensure adherence to organizational and industry standards. This includes performing Source Code Reviews (SAST & SCA) for internal applications, driving the Vulnerability Assessment and Penetration Testing (VAPT) Program, and leading Red Teaming and Ransomware Preparedness Frameworks to strengthen resilience against advanced threats. Oversee Windows AD Server Policy & Configuration Audits, Windows System Audits and User Access Management Reviews, while ensuring robust governance of Active Directory, Firewalls, Web Filters and Security Devices. Key tasks involve reviewing hardening parameters against CIS benchmarks, conducting OEM and third-party maturity assessments, and evaluating Firewall rules and configurations. The role also requires Network Device OS Reviews to maintain secure baselines and continuous improvement of infrastructure maturity. Demonstrate expertise in identifying gaps, recommending remediation and driving compliance across diverse security domains to uphold enterprise-wide protection.
- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements. Manage and coordinate operational components of incident management, including detection, response and reporting.
- Maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and applicable laws and regulations.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
- Design, coordinate and oversee security-testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
Qualifications
- A minimum of 10+ years of Information Security experience, with at least 8 years in a leadership role with demonstrated end-to-end responsibility for the overall Risk Management & Compliance (Infosec) program. Banking experience is strongly preferred and will carry additional weight.
- A bachelor's degree in information systems or equivalent work experience; a BSc in IT with a specialization in information security is preferred.
- Certifications (preferred):
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Systems Auditor (CISA)
  - Certified Information Security Manager (CISM)
  - ISO 27001:2013 Lead Auditor / Implementer
  - ISO 9001:2015 - Quality management systems
  - ISO/IEC 17025 - Competence of testing and calibration laboratories
  - ISO 22301 - Business Continuity Standard
  - ISO 27701 PIMS Lead Auditor
  - SOC 2 / DPDP / GDPR related certification