Information Technology Risk Manager

Brief Job description:

The person has to co-ordinate with IT / BPO Operations, Corporate and Client Stakeholders to implement all necessary Risk and Information security best practices, ensuring compliance to organization policies and procedures, and client requirements with respect to products, platforms, BPO Services at all Infosys McCamish locations across the globe.

Detailed Job description:

Security Controls implementation – Overall Program management

Conduct Risk Assessment

Help stakeholder in closing the assessment gaps

Aligning the policies and procedures with respect to Risk / Information security

Co-ordination between delivery / functional teams

Implementation of control objectives

Define and implement change initiatives

Implementation knowledge of Information Security, Business Continuity, Data Privacy, Cloud Security Management Models and guidelines like ISO 27001, ISO 27701, ISO 27017, ISO 27018, ISO 22301, NIST, CISA, SOC 1, SOC 2 etc. is preferable.

Audits

Auditing IT vendors periodically in terms of their compliance to Information security standards as per MSA/contract.

Auditing the IT infrastructure components, say, servers, networks, applications (both internal and third party), scanning the vulnerabilities, define appropriate controls and certify them to use it in our business.

Conduct Internal Audits on process compliance (Risk audits-confidentiality, Integrity and Availability, IP audits, Information Security audits)

Facilitate external audits with certifying bodies and ensure certification / Recertification (ISO 27001, SSAE 16 – SOC1, etc.,)

Facilitate Client risk audits on Information security, vulnerabilities etc., by coordinating with all internal / client stakeholders.

Handling all Security Incidents, Audit Non-conformities, Process deviations, Complaints pertaining to Risk and ensure that the process owners are defining and implementing the relevant corrective / preventive actions and close the same.

Handling BCP / DRP (Business continuity plan and Disaster Recovery plan) activities for McCamish. The person will be the lead DRR for McCamish, training other groups, driving mock drills etc. in co-ordination with TIG and Facilities team.

Facilitating Periodical Risk meetings with sr. leadership

Risk reporting: Co-ordination between different BPO client managers / Engagement Managers / Functional teams to get the right information and publish metrics, status reports and initiatives dashboard to all internal and external stakeholders.

Identify continuous process improvement opportunities, define and implement best practices, driving improvement culture across the organization.

Sales and Solutions support: Handling all RFPs / RFIs for future prospects on Risk and Information security requirements.

About Us

Infosys McCamish Systems,( located in Atlanta, Georgia, is the Life Insurance and Retirement Services subsidiary of Infosys BPO Limited. Infosys McCamish was started in 1985 as a virtual insurance company and went to market as a commercial services provider in 1995.It has an outstanding business perspective and an exemplary track record that no other outsourcer of business solutions can claim – generating US$16 billion of recurring premium in less than five years as a virtual insurance company. Infosys McCamish has expert technology and outsourcing credentials, along with a proven business model for re-engineering systems and performing back-office services at a reduced cost, while reinforcing accuracy, speed and security. Seven of the top ten US insurers are among Infosys McCamish’s many BPO clients. Infosys McCamish has its operations spread across Atlanta GA and Des Moines IA in USA.

EOE/Minority/Female/Veteran/Disabled/Sexual Orientation/Gender Identity