HDFC Life - Manager - Information Security

This role would be responsible for identifying and implementing the risk mitigations and controls and ensuring adequate Security levels (for Information & IT infrastructure)

Key Task & Activities

- Define scope of projects

- Execute projects within timelines and budgets

- Identify Security solutions as per business needs

- Manage PoC for agreed and approved solutions as per defined process Conduct reviews for partners

- Benchmark and compare security practices with the industry

- Implementation, operation and maintenance of the Information Security Management System based on standards like ISO/IEC 27000 series, Cobit, ITIL etc as applicable.

- Information security risk assessments and controls selection activities

- Regularly audit IT Infrastructure against standards and policies

- Reporting of all critical security issues

- Co-ordinate for Risk Assessment of IT systems and Third Party.

- Facilitate Internal Process and Operational Audits to provide the Risk and Impact Report

- Ensure Software License compliance at all times

- Implement tools and processes related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations

- Coordinate for Implementation and Governance of HDFCSL Third Party Policy and Guidelines

- Facilitate and drive initiatives of Internal Audits for Information Technology and update on Closure and Identified Risk to the Management

- Review of Third Party system and network security on monthly basis

- Adherence To Change Management Processes

- Facilitate Internal and External Audit of Critical Applications and Systems

- Review and implement Incident Management process

- Review and evaluate all security incidents as per the security incident management procedures.

- Ensure proper incidents reporting with Legal and regulatory stakeholders

- Analyze the risk or business impact on the incident

- Ensure timely reporting, escalations and closure of critical incidents

- Ensure that corrective and preventive actions are taken accordingly.

- Implement suitable information security awareness, training and educational activities

- Create, implement & review Data protection strategy across the organization.

- Devise and enforce standards and best practices for data protection in line with international standards and industry best practices.

- Evaluate the adequacy of security measures to protect organizational data and information assets.

- Participate in Seminars& Forums to understand & document new & evolving risks.

- Evaluate & implement security controls across all digital channels