This role would be responsible for identifying and implementing risk mitigations and controls and for ensuring adequate security levels for information and IT infrastructure.
Key Tasks & Activities
- Define scope of projects
- Execute projects within timelines and budgets
- Identify Security solutions as per business needs
- Manage PoC for agreed and approved solutions as per defined process
- Conduct reviews for partners
- Benchmark and compare security practices with the industry
- Implementation, operation and maintenance of the Information Security Management System based on standards like ISO/IEC 27000 series, COBIT, ITIL etc., as applicable.
- Information security risk assessments and controls selection activities
- Regularly audit IT Infrastructure against standards and policies
- Reporting of all critical security issues
- Co-ordinate for Risk Assessment of IT systems and Third Party.
- Facilitate Internal Process and Operational Audits to provide the Risk and Impact Report
- Ensure Software License compliance at all times
- Implement tools and processes related to compliance monitoring and improvement activities to ensure compliance with internal security policies etc. and with applicable laws and regulations
- Coordinate for Implementation and Governance of HDFCSL Third Party Policy and Guidelines
- Facilitate and drive initiatives of Internal Audits for Information Technology and update on Closure and Identified Risk to the Management
- Review of Third Party system and network security on monthly basis
- Adherence To Change Management Processes
- Facilitate Internal and External Audit of Critical Applications and Systems
- Review and implement Incident Management process
- Review and evaluate all security incidents as per the security incident management procedures.
- Ensure proper incident reporting with legal and regulatory stakeholders
- Analyze the risk or business impact of the incident
- Ensure timely reporting, escalations and closure of critical incidents
- Ensure that corrective and preventive actions are taken accordingly.
- Implement suitable information security awareness, training and educational activities
- Create, implement & review Data protection strategy across the organization.
- Devise and enforce standards and best practices for data protection in line with international standards and industry best practices.
- Evaluate the adequacy of security measures to protect organizational data and information assets.
- Participate in seminars & forums to understand & document new & evolving risks.
- Evaluate & implement security controls across all digital channels