Posted By

Noopur Pathak

Talent Executive at Emagine People Solutions

Last Login: 02 January 2018

Job Views:  758
Applications:  50
Recruiter Actions:  0

Posted in

IT & Systems

Job Code

495726

Chief Information Security Officer - BFS

6 - 12 Years. Mumbai
Posted 6 years ago

i) Develop and maintain IS policy, standards, procedures and guidelines to support the organization's information security program. Review and recommend to the Board necessary changes to the IS Policy, standards, procedures and guidelines. Ensure that the individual business functions create their SOPs and get them approved (in line with the above standards and procedures) by the respective functional heads.

ii) Ensure that the information security governance framework is supported by an information security assurance programme (Implementation Plan). Ensure translation of the information security program into specific actions, which shall include awareness, security infrastructure, security incident response and risk management. Provide advice and support to management and information users in the implementation of the Information and Cyber Security Policy.

iii) Work closely with IT and other functional teams and monitor implementation of information security projects and controls for new or identified deficiencies. Provide management and users with assistance in correcting deficiencies.

iv) Be responsible for the management of cyber security initiatives and incident management. Review, discuss and direct information security risk mitigation (which includes reporting security incidents) and ensure that risks are accurately reported (and appropriately dealt with). Monitor information security incident management, i.e. identification, response, remediation and reporting.

v) Identify current and potential legal and regulatory issues affecting information security and assess their impact in conjunction with the legal and compliance team. Bring significant issues of non-compliance to the attention of the ISC for review and remediation.

vi) Perform information security risk assessments on an ongoing basis and report any significant risks to the ISC. Initiate / undertake an ongoing or ad hoc third-party review/assessment of a specific function or a product to measure the effectiveness of the controls implemented and highlight any vulnerability that needs to be fixed.

vii) Build and lead the information security team with appropriate competencies and attitude to deliver the information security program.

viii) Promote user awareness initiatives within the organization. All employees and, where applicable, contract staff, 3rd party service providers and vendors shall receive appropriate information security awareness training or periodic updates as relevant to their function to ensure secure business operations.

ix) Have insight into the entire business IT framework, including all software and hardware platforms. Review all servers and databases and analyze the IT systems to determine IT control weaknesses and risks. Participate in reviews of internal controls and security of systems under development as well as major IT projects and initiatives.

x) Monitor IT systems to ensure they follow policies and practices. Evaluate technology, manage staff, identify controls, and keep records. Ensure that IT staff have a fair understanding of auditing procedures and the necessary independence to conduct their own investigations.

xi) Help in constructing Audit Plan and scope and executing the same during the year. Work in conjunction with financial or other specialist auditors, as and when required.
