Description for Job Posting

Job Posting For

Infosys Limited India

Job Title
Manager - Information Security

Reference Code
Inf_EXTERNAL_60529372_8

Job Role
Manager - Information Security

Location(s)
Bangalore , Karnataka , India

Responsibilities
Management Process -Thought leadership : Carry out research in order to provide papers, POVs, etc.
(For Privacy and Data Protection)
Develop thought papers internally to help create privacy as a differentiator
Management Process -Budgeting and Resource Planning : Consolidate and provide inputs regarding activities that have
budget/resource (hardware, software, training etc.) implications IN ORDER TO help budget decisions.
Management Process -Branding : Participate in department`s branding activities such as presentations, internal
communication IN ORDER TO create a positive brand image of the department
Management Process - Human Resources Processes : Provide inputs regarding people requirement and nurture skills,
knowledge and motivation of the team IN ORDER TO increase productivity
Sustain and Improve - Service Level Measurement : Define Service Levels and obtain stakeholder signoff IN ORDER TO
incorporate the SLAs in the service delivery
Service Delivery -Security Advisories : Provide assistance/ guidance during the patch releases and advisory preparation IN
ORDER TO ensure timely release of internal advisories.
Service Delivery -Forensic Analysis : Provide technical inputs IN ORDER TO Improve Investigation and Incident report
handling process
Service Delivery -Secure Configuration Standards : Review Standards and obtain stakeholder signoff IN ORDER TO finalize
the standards
Service Delivery - Network Architectural Review : Create and update standards for secure connectivity IN ORDER TO
ensure that the same can be used in future requirements of similar nature; provide guidance to Analyst and Engineer for
responding to network architecture review requests IN ORDER TO ensure that the connections are secure
Service Delivery -Information Security Metrics : Undertake automation of security metrics IN ORDER TO remove human
dependency, ensure accuracy and stabilize maximum numbers of metrics
(For Privacy and Data Protection)
Monitor, track, analyze and report performance measures, metrics , including SLA
Service Delivery -Information Security Knowledge Management : Prepare review/revision tracker for information security
related Policies and Process and coordinate their updation IN ORDER TO ensure that the body of knowledge is current and
relevant
Service Delivery -Information Security Incident Management : Undertake Incident Analysis IN ORDER TO ensure that the
damage is minimized and the incident is closed effectively; suggest preventive measures to be taken in collaboration with
stakeholders IN ORDER TO prevent occurrence of similar incidents in future.
(For Privacy and Data Protection)
Handle incidents (including data subject requests) related to privacy and Data Protection (external and internal) for timely

and effective closure, and track corrective and preventive actions

Service Delivery - Customer Interaction : Participate in customer / prospect visits/audits/ interactions to answer information
security related questions IN ORDER TO create a positive perception about Infosys` information security position.
(For Privacy and Data Protection)
Facilitate customer and vendor audits and presentations on privacy and Data Protection
Service Delivery -Information Security Facilitation : Collaborate with different departments and Units in a set of locations for
identification and closure of the gaps in Information security IN ORDER TO ensure effective implementation of information
security controls.
Service Delivery - Information Security Pre-Engagement Support : Review the responses to MSA / customer queries IN
ORDER TO ensure that the responses are accurate and complete; build a knowledge repository of MSA/RFP related
queries for future use.
Information Security Awareness : Ensure security awareness content is up to date and find new ways to create security
awareness IN ORDER TO increase security awareness.
(For Privacy and Data Protection)
Conduct Training and Awareness programs in accordance with training plans to adequately cover employees on Privacy and
Data Protection, develop training content.
Service Delivery - Information Security Risk Management : Perform risk assessment of information assets in the
organization and facilitate mitigation of risks IN ODER TO insulate the impact of vulnerabilities on the information assets;
propose improvements to the risk management methodology IN ORDER TO ensure effective risk mitigation.
(For Privacy and Data Protection)
Conduct risk assessments to proactively identify privacy Data Protection threats across locations, subsidiaries, business
processes, assist in implementing timely mitigation steps, prepare periodic metrics and risk reports
Service Delivery - Information Security Monitoring : Manage the operational monitoring of team; ensure cross-functional
liaison for event notification, escalations and response IN ORDER TO have efficient incident detection and resolution
Service Delivery- Information Security Process Audits : Review reports and conduct information security audits of
specialized systems / solution deployments, non-standard controls / situations with respect to best practices and / or
principles of security management IN ORDER TO ensure company`s information security requirements are met and suggest
areas of improvement.
(For Privacy and Data Protection)
Perform compliance (to both organization policies and jurisdiction regulatory requirements) checks processes, systems and
people practices across the organization and subsidiaries, assist in conducting privacy and Data Protection assessments
internally or externally as required, prepare assessment observation reports and follow up with concerned teams for closure
on NCRs
Service Delivery - Technical Audits : Plan and improve effectiveness and timely execution of technical audits IN ORDER TO
ensure that systems, applications and devices are maintained as per the desired secure configuration and are free of
vulnerabilities
Service Delivery - Service Portfolio Planning : Analyze operational inputs and suggest inputs from the business/regulatory
environment IN ORDER TO implement security in the organization
Policy Definition - Development of Processes and Procedures for Implementation of Information Security Policies :
Formulate processes, evaluate need for new processes and propose the same IN ORDER TO ensure that processes are
relevant.
(For Privacy and Data Protection)
Deploy PIMS (Personal Information Systems) including controls needed in various business processes to be compliant with
Organizational Privacy and Data Protection requirements, implement system enhancements IN ORDER TO institutionalize
controls, implement, manage and track requirements on privacy and Data Protection along with the concerned BEF, as
applicable
Policy Definition - Information Security Policy Development : Formulate and maintain policies based on the inputs received
IN ORDER TO translate the organization`s information security strategy into policies that need to be adhered to.
(For Privacy and Data Protection)
Assist in defining processes, standards, guidelines, templates that are required globally IN ORDER TO ensure consistent
understanding and deployment of organizational privacy and Data Protection requirements
Security Strategy - Formulation of Security Strategy : Provide inputs from his/her area of responsibility (e.g. risk
management, audit, engineering or assurance) IN ORDER TO formulate strategy
Security Strategy - Security Requirement Analysis : Carry out analysis of security requirements based on the changing
operational environment IN ORDER TO provide recommendations pertaining to his/her area of responsibility and influence

Experience Required
Entry Level (< 2 Years Relevant Experience)