Canara HSBC OBC LIfe Insurance - Assistant Vice President - IT Operations & Security

Role Purpose (overall high level summary of the role)

- To plan, direct, implement and manage IT security services in CHOICe environment. Review and Align the IT Information & Data Security controls, SOC Operations, Web and Cyber Security controls as per best practices and set Policy and Procedures in alignment with the CISO.

- To marshal resources to deliver, in a timely and cost- effective manner.

- To assist Head IT - Operations & Security in establishing an enterprise strategy for governance, DR management, decision making and analysis to achieve strategic objectives.

Principal Accountabilities: Key activities and decision making areas

Impact on the Business / Function

- Deliver cost-effective IT security solutions keeping secure the organization infrastructure from external and internal threats.

- Provide a timely and accurate flow of information on activities to functional head.

- Propose solutions for the procurement of IT security equipment and services required by IT and non-IT functions

- Propose Solutions Architecture and standards for IT Applications stack consisting of Web Portals & Cloud solution by working with the Applications Architecture Technical team

- Define and support in review and implementation of security standards for the different types of apps through VA/PT process enforcement

- Develop strategies for effective DR plan

- Develop and implement an ongoing risk assessment program and recommend methods for vulnerability detection and remediation

- Consistently review, update and implement controls keeping the Policies and Procedures updates for Overall Security to keep the environment secure.

- Lead IT Auditee managing Regulatory and Compliance adherence on Information and Cyber Security

Typical Targets and Measures

- By directing and coordinating (directly and indirectly managed) staff and supplier resources to gather and analyze user requirements, design, propose and implement IT security solutions.

- By providing direction to operational staff on efficient techniques, practices and procedures, development of effective support systems.

- By review of proposals for conformance with CHOICe standards and practices, for synergy with other IT initiatives and for optimal pricing, seeking concurrence where appropriate.

- By giving recommendation on best technology available for DR and designing and executing the DR Plan as per the laid down policies.

- By leading the development of a CHOICe security strategy, proactively reviewing and steering initiatives towards consistency with such strategy.

- By formulation of the CHOICe IT security annual budget, and monitoring actual expenditure within forecast levels.

- By staying abreast of technological developments and product evaluation.

- Through regular reviews of staff performance and skill profiles; to achieve optimal balances among team members.

- Directing training development to meet technology/application advancement as well as identifying operation automation opportunities on an ongoing basis

- To manage operational risk, including its identification, assessment, mitigation and control, loss identification and reporting in line with the framework by CHOICe IT.

- Review of CHOICe IT network assessment report such as Vulnerability assessment and Penetration testing

- Review of all IT security incident and log monitoring reports of security devices.

- Regular review of the IT security policies in conformance with the current business and regulatory needs and implementing controls.

Customers / Stakeholders

- Ensure IT security projects are implemented in conformance with a cohesive strategy to meet short, medium and long-term needs.

- Ensure IT security costs are maintained within capital and recurrent budgeted levels.

- Ensure that the organization exploits technologies to its maximum advantage

- Ensure the availability of critical IT resources for business continuity and disaster recovery

Leadership & Teamwork

- Effective resource planning

- Team productivity and career planning

Operational Effectiveness & Control

- IT Policy and process implementation, review and compliance

- Effective and efficient Vendor management

- Logical system access process implementation, review

- Security Incident Response and process protocols including Incident Reporting and Sanctions

Major Challenges (The challenges inherent in the role that require a continual test of the role holder's abilities)

The job demands the ability to solicit and interpret the IT security needs of the organization as well as users and to implement, within timeframes, appropriate solutions in an environment of fast-changing technology to convince Customers / Stakeholders of the need to adopt solutions that conform to CHOICe standards.