Information Security Risk Manager
Description:
We are looking for an experienced Information Security (IS) Risk Manager to lead enterprise-wide security assurance, governance, risk, compliance, and business continuity initiatives.
Key Responsibilities
Lead enterprise-wide information security assurance, governance, risk, compliance, and business continuity programs, ensuring alignment with internal policies and regulatory requirements.
Perform and manage information security and cloud risk assessments across AWS and Azure, identify business impact, define mitigation strategies, and communicate risks in clear business terms.
Establish, implement, and maintain security governance frameworks, controls, and metrics, ensuring cyber risks and vulnerabilities are prioritized and remediated within agreed SLAs.
Own ISMS governance and audits, including internal and external audits, gap analysis, compliance readiness, and corrective actions for ISO/IEC 27001, PCI DSS, NIS 2, and other regulatory standards.
Develop, manage, and maintain Business Continuity Planning (BCP) and Disaster Recovery programs to ensure organizational resilience.
Manage third-party security risk, including vendor due diligence, security requirements in contracts, cloud and security tooling assessments (GRC tools, CASB), and coordination of external audits and remediation plans.
Develop, update, and govern information security policies, procedures, standards, and security awareness programs, ensuring continuous improvement and regulatory alignment.
Skills & Expertise
Information Security Risk Management & Security Assurance
Governance, Risk & Compliance (GRC)
ISMS, ISO/IEC 27001
PCI DSS, NIS 2, Regulatory Compliance
Cloud Security – AWS & Azure
Security Audits & IT Auditing
Business Continuity Planning (BCP) & Disaster Recovery
Cyber Risk Assessment & Compliance Monitoring
Experience & Certifications (Preferred)
10+ years of experience in Information Security / GRC / Risk Management
Exposure to Telecom, BFSI, or large enterprise environments
Certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Auditor / Implementer preferred