Role : AVP / Head -Information Security ( Big 4)

Reporting to : CIO

Location : Gurgaon

Job Purpose :

- AVP / Head -Information Security is responsible for establishing and maintaining the Company's security management program with the purpose of protecting Company and Customer information and technical assets.

- Also responsible to assess, identify and reduce cyber security risks, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of processes and procedures as per the cyber security and resilience policy.

Key Accountability :

- Develop, implement and monitor strategic, comprehensive information security, cyber security and risk management program to ensure that the integrity, confidentiality and availability of information is owned and controlled by the organization.

- Facilitate information security governance through the implementation of a hierarchical governance program, including interaction with the cyber security working group.

- Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.

- Work with various Business Units, and Team Managers in developing a Information Security Risk Management Framework.

- Develop and manage information security financial objectives, develop and prepare budgets and forecasts and establish financial performance criteria and monitor for variances.

- Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.

- Work directly with the business units to facilitate information security risk assessment and risk management processes, and work with stakeholders throughout the organisation on identifying acceptable levels of residual risk.

- Provide regular reporting on the current status of the information security program to management, senior managers and the Board of Directors as part of a strategic enterprise risk management program.

- Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.

- Develop and implement an information security management framework that aligns with our business model, our risk profile, and our existing compliance initiatives and efforts.

- Provide strategic risk guidance for IT projects including the evaluation and recommendation of technical controls

- Liaise with the IT architecture teams to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures..

- Coordinate information security and risk management projects with team managers from across the business unit teams and IT organization

- Work with compliance team to ensure that security and privacy programs are in compliance with SEBI, IOSCO and relevant laws, regulations and policies to minimize or eliminate risk and audit findings.

- Define and facilitate the information security risk assessment process including the reporting and oversight of treatment efforts to address negative findings.

- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation

- Establish a reporting procedure to facilitate communication of unusual activities and events to the senior management in a timely manner

- Should periodically review instances of cyber-attacks, if any, domestically and globally, and take steps to strengthen cyber security and cyber resilience framework.

- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action

- Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture

- Coordinate the use of external resources involved in the information security program including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.

- Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals.

- Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.

- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.

- Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including, but not limited to, privacy, risk management, compliance and business continuity management, for both internally and externally delivered services.

Educational Qualification : Bachelor's degree in business, computer science, information technology or equivalent professional experience

Previous Experience :

- BE / B.Tech with 10 to 15 yrs of experience

- 8-12 years of combined experience in information security and risk management

- 8-12 years of experience working with IT security/Cyber security guidelines.

- Experienced of ISO 27000 implementations.

- Experience in driving change in security functions within multiple organizations

Certifications : Holds at least two of the following certifications, CISA, CISM, CRISC, CGEIT, CISSP, ISO 27000 Lead Implementer/Auditor.

This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.