Full Job Description
Educational Qualification
B.E
No. of years of Experience
9
No. of Position
1
Job Location
KANJUR MARG (E) TTC
Job Description
Kindly find below the job profile for the ISMS Engineer.

Job Description:
Job Title / Role: Engineer – Information Security
Department: Quality & Information Security Management
Reporting To:
1st Level Reporting To: Principal Engineer, Quality & Information Security Management Dept.
2nd Level Reporting To: Department Head, Quality & Information Security Management Dept.
No. of Position(s): 1
Joining Date: Within 30 days
Education Qualification: B.E. in Computers / Information Technology / Electronics & Telecommunication from a recognized university / B.Sc. Information Technology from a recognized university.

Qualification:
1) Knowledge of ISO 27001 and ISO 19011 Standards
2) Certified ISMS Internal Auditor / Lead Auditor from a recognized Certification Agency

Mandatory Experience / Skills: 5-10 Years
1) Implementing ISO 27001:2013
2) Developing ISMS Policies / Procedures / Documents
3) Conducting Information Security Risk Assessment
4) Planning, coordinating, conducting and reporting Information Security Audits
5) Facilitating Root Cause Analysis
6) Conducting Awareness / Training related to Information Security
7) Ability to identify and implement Best Security Practices
8) Documentation
9) Excel / Advanced Excel, PowerPoint
10) Communication, Presentation, Interpersonal Skills, Time Management

Desirable Knowledge / Skills:
1) Knowledge of Project Management and EPC processes
2) Certified Information System Auditor (CISA)
3) Knowledge of ISO 31000:2018 and ISO 27005:2018
4) Knowledge related to Information Systems (IS) & Information Technology (IT) Security
5) Knowledge related to Software Development Life Cycle (SDLC) Security
6) Knowledge of National (e.g. IT Act) / International Laws / Regulations (e.g. EU GDPR) / Standards (e.g. NIST) related to Information Security
7) Conducting Information Security audits of IT Vendors
8) Certified ISO 9001:2015 Internal Auditor / Lead Auditor

Key Roles & Responsibilities:
1) Develop / Review / Update Information Security Policies and Procedures to comply with ISO 27001:2013 requirements.
2) Review ISMS requirements defined in ITB / Contract.
3) Prepare / Review ISMS Procedures / Documents based on Project requirements.
4) Coordinate with Project Manager / Project Engineering Manager and ensure implementation of Information Security requirements as per Contract.
5) Identify applicable National / International Laws / Regulations related to Information Security and coordinate with Legal Dept. for their compliance.
6) Plan and conduct ISMS Awareness / Training Programs for Employees, Internal Auditors etc. at Corporate Office and Construction Sites.
7) Prepare ISMS Awareness emailers.
8) Ensure periodic review and updating of Risk Assessment Registers along with Risk Owners.
9) Review reported Events / Incidents and coordinate with related Departments for close-outs.
10) Prepare / Update "Information Security Event / Weakness / Incident Register".
11) Conduct Corporate Internal Audits at Corporate Office / Construction Sites and report findings.
12) Coordinate with Internal Auditors and Auditees for Audits, Audit Reports and Closure of Internal / External Audit Findings.
13) Ensure Root Cause Analysis by the concerned auditee for determining corrective actions for the identified audit non-conformities.
14) Monitor the close-out of audit findings. Verify effectiveness of actions taken.
15) Support Departments to prepare for External Audit.
16) Communicate internally regarding matters related to ISMS.
17) Identify and implement Best Security Practices.
18) Suggest improvements in work processes and activities.