Lead Information Security Governance

Job Id:  235

Maharashtra, Maharashtra, India

Department:  GRC

Lead Information Security Governance – Manager / Sr. Manager


The person in this position is responsible for a broad range of tasks, including rolling out IS policy and processes, monitoring and reviewing those processes, measuring and reporting KPIs, and continuous improvement. The person will also be responsible for the rollout of IT Risk Management, Security Reviews for IT Projects, IT General Controls, Data Privacy, Audits and Assessments, and end-user awareness and communications.



UPL is seeking an IS Governance Expert with relevant skills and experience in delivering 'hands-on' implementation of ISO27001 / IS Policy Rollout and Sustenance / Risk Management / IT General Control.

  • Define enterprise security architecture framework
  • Develop and maintain security strategy
  • Develop and manage enterprise-wide policies, standards, and guidelines in accordance with regulatory requirements and industry leading practices
  • Support projects in ensuring policies are incorporated correctly
  • Liaise with the teams on special projects regarding IS controls implementation.
  • Manage security budgeting and tracking
  • Assess and manage security risks for the organization
  • Privacy Policy and Data Leakage Prevention Policy and Process.
  • Lead the security PMO for various security initiatives
  • Involved in the identification and shortlisting of technical security controls and frameworks
  • Responsible for defining the minimum baseline security standards for all technology solutions in the organization, which includes the rule-sets for various devices
  • Involved in identification of security requirements during the system development lifecycle
  • End User Communication and Security Awareness Campaigns and Programs
  • Create various IS metrics and dashboards including GRC Dashboard / CIO dashboard
  • Monitor and implement IT Service / Information Security metrics as determined by Service Owners, Managers and Senior Management.
  • Publish annual calendar of various governance activities
  • Experience applying the ITIL framework in a way that successfully meets the needs of the organization.
  • Process development (policy, processes, procedures, checklists, templates) and communication to relevant stakeholders through formal and informal methods of training, workshops, mailers, discussions, etc.
  • Facilitate service review / process review meetings and continuous improvements
  • Develop a Business Continuity Plan for the IT Services.
  • Ability to create a collaborative environment and facilitate cross-functional teams for IS / IT initiatives.



Skill Requirement:

  • Overall 6-12 years working in the IT services/consulting industry, with 5-9 years of experience in rollout and sustenance of IS Policy, Risk Management, Security Frameworks, and ITIL/ITSM processes at enterprise level with around 10000 users.
  • Minimum Engineering graduate.
  • CISA, CISM, CRISC - Any one of these
  • ISO27001 Implementer – Must
  • ISO27001 LA / ISO22301 / ISO31000 - Preferred
  • Hands-on work experience in rolling out ISO27001, IS Policies, Risk Management & Security Frameworks
  • Expert in Mapping of IS Controls to the IT Processes.
  • Capable of independently preparing a blueprint and identifying gaps for rollout of IS Policy
  • Highly skilled in converting IT general controls requirements into business requirements / technical requirements and driving them.
  • Developed service reports using BI tools for the KPIs agreed with business/clients
  • End User Security Awareness Programs and Campaigns using various media.
  • Practical experience of rollout of security tools and controls on Infrastructure tools (i.e. Active Directory, O365Mail, Alert and Systems Management)
  • Worked on Projects as Project Manager in line with PMP principles.
  • Excellent written and presentation communication skills
  • Experience creating data-driven IT support metrics and trending analysis.
  • Positive "can do" attitude and alignment to a concept of "Team". Strong customer service and written and verbal communication skills.


KPIs for the IS Governance Manager:

  • Establishing governance processes, architecture and standards for IS / IT services
  • Maintain IS Policy and Security / Risk Frameworks and ensure and report compliance to the same.
  • Maintaining service communication with business stakeholders
  • Information Security Awareness for end users
  • IS Policy/ Controls reporting and dashboards
  • Project Management processes should be followed uniformly and progress reported.