


Information Security Governance & ISO 27001 Consultant (Full-time)

at CMS IT SERVICES in Mumbai (Published at 06-08-2015)

Designation : Information Security Governance & ISO 27001 consultant

Experience : 4 to 6 years in progressive Information Security only, and 1-2 years in IT

Job Location : Mumbai, India


• Serves as an internal information security specialist to Client.

The activities and deliverables required to be performed by the consultant are broadly listed below:

ISO / ISMS control verification and compliance:

• Define, Develop and review information security policies, procedures, guidelines, forms and templates as per best practices in the Client framework.

• Assist in Security Metrics and Maturity – Provide and track Dashboard / Reports as per defined parameters. (ISO MOE)

• Review, Report and track Security Self-Assessment report.

• Reporting, tracking and escalating Security Audit of existing Application by Third Party.

• Assist and recommend measures to ensure compliance with ISO 27001 / 17799 / 27002 standards or any such best practices, in consonance with Client’s framework.

• Assist Client to get ISO 27001 certification by identifying risks and implementing appropriate controls in the ISO Audit scope. Recommend practical & implementable controls based on business, process & technology requirements for ISO 27001:2013.

• Support post implementation and continuous audits for ISO 27001:2013 and ensure compliance.

• Risk assessment of activities and coordinate with stakeholders till closure sign-off / risk acceptance.

• Conduct periodic Internal Information Security Audit of different functions in BS&T, as scheduled by the information security team.

End-point Compliance:
• Involvement in handling and resolution of information security related incidents.
• Advise the organization with latest updates on information security technologies and related regulatory issues.
• Create and review baseline standards for OS, Database, web servers and applications and recommend improvements.
• Review and approve Hardening reports and tracking for closure.
• Prepare, collate and submit periodic security reports such as patch management report, antivirus report, anti-spam report, IPS report, security incident report, Software License Compliance Report and third party security reports on Information Security Activities to Management. Update the daily, weekly and monthly dashboard.
• Highlight the End-point (Patch, Antivirus, USB) non-compliances to the relevant teams and create dashboards on a weekly/monthly frequency.
• Approve Service Request, Incident Request on mail and Change Request on e-helpline application after risk and impact assessment.
• Assist in updating and monitoring business continuity and disaster recovery plan and review of documented plans and procedures for business resumption / continuity following disasters.

Information Security Awareness:
• Create organizational information security awareness, conduct awareness during induction and maintain records. Also send security mailers to users on a periodic basis.
• Create the information security awareness mailers and related bi-monthly newsletters as directed by the CISO.
• Assist in implementation of an Awareness / Education program to ensure that the employees and the related third parties are aware of and observe their respective responsibilities for the maintenance and continuation of information system security in Client.

Window for service:
• Monday to Saturday (9:15 AM to 6:30 PM), weekly reviews with onsite team

Graduate with ISO 27001:2013 LA certification.
Additional qualification: CISM, and/or CISSP, and/or COBIT, and/or CISA, and/or certified Project Manager (PMP or Prince2).
Good written and spoken communication skills, leadership ability, well versed with Word, PowerPoint and Excel; should be proactive and a self-starter.

Note: Resource will undergo interview with CMS as well as Client.

Note: Applications have been closed.
