Thomson Reuters
Bring Your Passion

Manager, Information Security Risk Management

Thomson Reuters Technology Development 1/11/2018 7:02:12 AM Mumbai, MH India
Job Description

ROLE SUMMARY

The Thomson Reuters Information Security & Risk Management (ISRM) team is looking for an experienced individual to support information security operations for Thomson Reuters Legal Managed Services at our Mumbai location. The site is certified to ISO 27001:2013 for all our operations and support functions. The operational tasks extend to certification management, quarterly external audits, third-party risk and client site reviews. The primary responsibility of the Manager is to work with the information security head on the operational management of the ISO 27001:2013 program.

The ideal candidate will possess the right demeanour, skillset and experience to operate in the fast-paced and dynamic world of information security and risk, with experience in working on different assessments simultaneously and liaising with stakeholders across separate teams to ensure conformity to information security controls and constant readiness for a site risk review.

Thomson Reuters provides professionals with the intelligence, technology and human expertise they need to find trusted answers. We enable professionals in the financial and risk, legal, tax and accounting, and media markets to make the decisions that matter most, all powered by the world's most trusted news organization.

At Thomson Reuters, we believe what we do matters. We are passionate about our work; inspired by the impact it has on our business and our customers. As a team, we believe in winning as one – collaborating to reach shared goals, and developing through challenging and meaningful experiences. With over 50,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Bring your ambition to make a difference. We’ll bring a world of opportunities.

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity Employer providing a drug-free workplace.

More information about Thomson Reuters can be found on thomsonreuters.com.

ESSENTIAL RESPONSIBILITIES:

Oversee program management and operations along with the information security officer. Take part in the day-to-day operational tasks and lead specific control-related tasks, including but not limited to risk assessment exercises, business impact analysis, cross-functional audits and internal security assessments. The operations in scope are subject to comprehensive risk reviews by business / operational clients, most of whom are large financial banks of international repute. These checks take the form of security questionnaires, follow-up calls and discussions, and detailed site audits. Most of these functions are aligned to Thomson Reuters Legal Managed Services operations across the Noida and Mumbai sites.

Requires liaising with business functions across different domains for training, facilitating audits, mitigation discussion and closure.

  • Other than the annual certification audit (DNV GL), we also have quarterly audits done by KPMG. The role involves setting up the audit schedules and ensuring roadblocks to the process are removed. After each audit, work with the relevant stakeholders to ensure closure of the findings.
  • Develop training programs for better security awareness specific to the Legal Managed Services business. This includes poster creation, catchy emails, and regular communication to the site audience and relevant stakeholders. This is dynamic considering the different projects and their related controls.
  • Some of these trainings, though coordinated through the project managers, need handholding and teamwork.
  • Ensure organizational policies and procedures are adhered to. Adherence is measured through customized floor walks, team-specific information security checks and related monitoring mechanisms.
  • Check control effectiveness, including but not limited to physical security and departmental and project-specific checks.
  • For our sites we drive a separate measurement of effectiveness program. This covers all services and has defined controls and SPOCs for each. Part of the role is to coordinate and manage this activity, and to analyse and ensure continual tracking and management of the effectiveness measurement.
  • Drive departmental security assessments in coordination with the department managers. This requires awareness of the processes, project-specific requirements and contractual information security requirements. These checks are done in isolation and / or with the project manager and with an information security core team member.
  • For the TR LMS business relationship and the relevant risk reviews, there is a requirement to generate and present control evidence and related collateral. This requires a dynamic update of repositories, collateral, etc.
  • Contribute towards RFP responses to evidence our security posture and the current state.
  • Track core team members’ performance and their contribution towards their departmental and functional controls.
  • Ensure all documentation and reporting meets the process and quality requirements of the Thomson Reuters ISRM function. This includes but is not limited to the policies, business continuity plans, measurement documents, risk sheets, risk and BIA reports, and the context and communication document specific to TR LMS operations. The records and evidence management extends to the business continuity function too!
  • Key involvement from a crisis management perspective: active monitoring of incidents and of environmental and physical parameters, and coordination of risk mitigation.
  • Work under the direction of Thomson Reuters ET&O operations and align to their directives at an overarching level.

DESIRED CHARACTERISTICS

  • Adequate training skills, people management skills and prioritization skills are a must. Must be a quick thinker, team player and a decision maker. The job requires working with diverse personnel across teams and driving all towards a unified goal.
  • Consistent and self-motivated. Self-accountability and self-drive are key requirements.
  • Technical knowledge and an IT background are prerequisites.
  • Good with MS Office (moderate knowledge of Excel would be preferred).
  • Ability to work under pressure, demonstrate flexibility and coordination skills.
  • 5+ years of information security experience with an auditing / consulting background.
  • Strong verbal & written communication skills, and comfortable with interaction across diverse teams and functions, sometimes across offices and geographies.

QUALIFICATIONS:

  • Lead auditor ISO 27001:2013 (compulsory) and ISO 22301 (additional advantage)
  • CISM or CISA will be an advantage
  • Graduate / Specialization in IT and relevant certification courses

At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.


Intrigued by a challenge as large and fascinating as the world itself? Come join us.

To learn more about what we offer, please visit thomsonreuters.com/careers.



Req #: JREQ096465
Locations: Mumbai-India
Job Function: Technology Development