manager - risk & ComplianceFirstsource Solutions
Salary: Agreement
Work form: Full time
Posting Date: 08/06/2025
Deadline: 20/07/2021
Position Details: "Designation As decided by HR" - Manager / Sr. Manager - Information Risk Management
Reports to: GM / VP / SVP - Information Risk Management
General Purpose: To take the lead in providing expert advice and the promotion of Information Security and data protection compliance and best practice in setting and maintaining standards and procedures across the organization.
On an ongoing basis the post-holder will be responsible for fielding all internal and external Data Protection and Information Security issues and queries, seeking legal advice where necessary, as well as maintaining a register of those queries.
Where appropriate senior management must be kept aware of any issues and queries which present a reputational or material risk.
The post-holder will ensure that appropriate awareness training is conducted for all staff on defined periodicity
Position Responsibilities:
Creating, updating and disseminating data protection policies;
Resolving ad hoc queries and issues relating to data protection;
Identifying data protection and information security issues that need addressing;
Managing a data protection and information security training program;
Managing data protection subject access requests;
Implementing controls for adherence with data protection legislation and relevant codes of practise; Ensuring the company follows all codes of practice in the relevant sector;
Developing audit standards for personal data handling and information security activity to ensure adherence to internal and external policies;
Liaising with relevant teams to test the company's capability to respond to a breakdown or other serious contingencies in its operations that affects information security, personal data handling and data protection (both for automated and manual information);
Maintaining an information asset register; Establishing and monitoring information exchange agreements;
Regularly reviewing the risk with service owners and data owners
Maintain and execute the incident response procedure ensuring prompt redress of information security incidents;
Ensure that the Data Protection aspects are properly covered in the governance documents of all systems processing personal data.
Working with business and support units within the organization to implement the IRM (information risk management) and business continuity strategies and frameworks set by the organization / Management information Security Forum ( MISF) for Firstsource;
Interface with potential and existing customers as a senior management information security and business continuity representative, providing assurance and information as required by the business, marketing or other teams;
Any other duties as are within the scope, spirit and purpose of the job, the title of the post and its grading as requested by the line manager or Head of Department/Division.
Serves as an internal information security consultant to the organization. Advises the organization with current information about information security technologies and related regulatory issues
Documents security policies and procedures created by the Information Security Committee
Implements information security policies and procedures for the organization
Reviews all system-related security plans throughout the organization's network, acting as a liaison to Information Systems
Monitors compliance with information security policies and procedures, referring problems to the appropriate department manager
Coordinates the activities of the Information Security Committee
Monitors the internal control systems to ensure that appropriate access levels are maintained
Protects system by defining access privileges, control structures, and resources.
Recognizes problems by identifying abnormalities; reporting violations.
Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
Determines security violations and inefficiencies by conducting periodic audits.
Upgrades system by implementing and maintaining security controls.
Keeps users informed by preparing performance reports; communicating system status.
Any other duties as are within the scope, spirit and purpose of the job, the title of the post and its grading as requested by the line manager or Head of Department/Division.
Note: This job description reflects the present requirements of the post. As duties and responsibilities change and develop the job description will be reviewed and be subject to amendment in consultation with the post-holder.
Qualifications
Knowledge and Skills
Excellent written and verbal communication and presentation skills
Strong analytical and evaluation ability, and problem solving skills
Strong interpersonal skills, able to establish credibility at all levels
Strong persuasion and influencing skills
Self-motivated team player able to work effectively with diverse client groups and also on own initiative
Strong planning and organizational skills;
Flexible and adaptable style;
Significant broad IT experience, at least some of which has been in a security role
A good working knowledge of Information Security and SOC1 & SOC2, ISO 27001, PCI DSS, HITRUST , My CSF, GLBA HIPAA principles and practices
Broad awareness of hardware/software security products
Preferred Location: Bangalore
Minimum Experience 10 to 12 years of experience in Managing Information Risk Management , Data Privacy , Security Certifications
Preferred Field-of-Expertise ISO 27001, PCIDSS, HITRUST , SOC2 / SOC 3 .
Firstsource Solutions
Reports to: GM / VP / SVP - Information Risk Management
General Purpose: To take the lead in providing expert advice and the promotion of Information Security and data protection compliance and best practice in setting and maintaining standards and procedures across the organization.
On an ongoing basis the post-holder will be responsible for fielding all internal and external Data Protection and Information Security issues and queries, seeking legal advice where necessary, as well as maintaining a register of those queries.
Where appropriate senior management must be kept aware of any issues and queries which present a reputational or material risk.
The post-holder will ensure that appropriate awareness training is conducted for all staff on defined periodicity
Position Responsibilities:
Creating, updating and disseminating data protection policies;
Resolving ad hoc queries and issues relating to data protection;
Identifying data protection and information security issues that need addressing;
Managing a data protection and information security training program;
Managing data protection subject access requests;
Implementing controls for adherence with data protection legislation and relevant codes of practise; Ensuring the company follows all codes of practice in the relevant sector;
Developing audit standards for personal data handling and information security activity to ensure adherence to internal and external policies;
Liaising with relevant teams to test the company's capability to respond to a breakdown or other serious contingencies in its operations that affects information security, personal data handling and data protection (both for automated and manual information);
Maintaining an information asset register; Establishing and monitoring information exchange agreements;
Regularly reviewing the risk with service owners and data owners
Maintain and execute the incident response procedure ensuring prompt redress of information security incidents;
Ensure that the Data Protection aspects are properly covered in the governance documents of all systems processing personal data.
Working with business and support units within the organization to implement the IRM (information risk management) and business continuity strategies and frameworks set by the organization / Management information Security Forum ( MISF) for Firstsource;
Interface with potential and existing customers as a senior management information security and business continuity representative, providing assurance and information as required by the business, marketing or other teams;
Any other duties as are within the scope, spirit and purpose of the job, the title of the post and its grading as requested by the line manager or Head of Department/Division.
Serves as an internal information security consultant to the organization. Advises the organization with current information about information security technologies and related regulatory issues
Documents security policies and procedures created by the Information Security Committee
Implements information security policies and procedures for the organization
Reviews all system-related security plans throughout the organization's network, acting as a liaison to Information Systems
Monitors compliance with information security policies and procedures, referring problems to the appropriate department manager
Coordinates the activities of the Information Security Committee
Monitors the internal control systems to ensure that appropriate access levels are maintained
Protects system by defining access privileges, control structures, and resources.
Recognizes problems by identifying abnormalities; reporting violations.
Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
Determines security violations and inefficiencies by conducting periodic audits.
Upgrades system by implementing and maintaining security controls.
Keeps users informed by preparing performance reports; communicating system status.
Any other duties as are within the scope, spirit and purpose of the job, the title of the post and its grading as requested by the line manager or Head of Department/Division.
Note: This job description reflects the present requirements of the post. As duties and responsibilities change and develop the job description will be reviewed and be subject to amendment in consultation with the post-holder.
Qualifications
Knowledge and Skills
Excellent written and verbal communication and presentation skills
Strong analytical and evaluation ability, and problem solving skills
Strong interpersonal skills, able to establish credibility at all levels
Strong persuasion and influencing skills
Self-motivated team player able to work effectively with diverse client groups and also on own initiative
Strong planning and organizational skills;
Flexible and adaptable style;
Significant broad IT experience, at least some of which has been in a security role
A good working knowledge of Information Security and SOC1 & SOC2, ISO 27001, PCI DSS, HITRUST , My CSF, GLBA HIPAA principles and practices
Broad awareness of hardware/software security products
Preferred Location: Bangalore
Minimum Experience 10 to 12 years of experience in Managing Information Risk Management , Data Privacy , Security Certifications
Preferred Field-of-Expertise ISO 27001, PCIDSS, HITRUST , SOC2 / SOC 3 .
Firstsource Solutions
Other Info
Philippines
Permanent
Full-time
Permanent
Full-time
Submit profile
Firstsource Solutions
About the company
Risk Portfolio Analytics Assistant Manager
TASQ Staffing Solutions
MetroManila, Manila, TaguigAgreement
Assistant Manager, Operational Compliance Services (Wholesale Banking)
IQ-EQ
MetroManila, Manila, PasigAgreement
Position manager - risk & Compliance recruited by the company Firstsource Solutions at , Joboko automatically collects the salary of , finds more jobs on Manager - Risk & Compliance or Firstsource Solutions company in the links above
About the company