Job Description

The Manager of Information Security Risk is responsible for establishing, implementing, and maintaining a comprehensive information security risk management framework. The role ensures the protection of sensitive data and full compliance with regulatory requirements, including adherence to Sharia principles. Key responsibilities include conducting risk and vulnerability assessments, managing security incidents, overseeing compliance initiatives, and leading security awareness efforts across the organization.
Key Responsibilities

• Develop, implement, and maintain information security policies, standards, and procedures.
• Conduct periodic risk assessments and vulnerability scans to identify and address security gaps.
• Administer and manage security infrastructure tools (e.g., firewalls, encryption tools, IDS/IPS systems).
• Ensure compliance with all applicable cybersecurity regulations and Sharia-based guidelines.
• Lead and support internal and external audits to maintain compliance with industry standards.
• Design and deliver organization-wide security awareness and training programs.
• Coordinate incident response activities, including detection, containment, and resolution.
• Maintain detailed documentation of incidents, findings, and mitigation activities, and perform post-incident reviews.
• Provide regular updates and reports to senior leadership on security posture and compliance status.
• Maintain accurate and up-to-date records of security-related activities, incidents, and compliance efforts.

Qualifications & Experience

• Bachelor's degree in Information Security, Computer Science, or a related field
• 8+ years of experience in information security, IT governance, or risk management
• Hands-on experience implementing security frameworks such as ISO 27001 and NIST
• Mandatory to have experience in Sharia Compliance
• Deep understanding of cybersecurity principles, risk management, and regulatory compliance
• Familiarity with Sharia principles, especially in the context of financial institutions
• Excellent communication and interpersonal skills with the ability to engage both technical and non-technical audiences

Preferred Skills & Certifications

• Professional certifications such as CISSP, CISM, or CRISC
• Practical experience with tools like SIEM, firewalls, intrusion prevention, and endpoint protection systems

FOR MORE INFORMATION
CONTACT Avinash Sirur

Skills Required