Posted By

Chirag

HR Recruiter at Antal

Last Login: 29 May 2018

750

JOB VIEWS

66

APPLICATIONS

18

RECRUITER ACTIONS

Posted in

IT & Systems

Job Code

576855

Chief Information Security Office - BFSI

7 - 11 Years. Mumbai
Posted 5 years ago

Chief Information Security Office - BFSI

CISO (Shared Resource between Life and P&C)

- The role of a Chief Information Security Officer (CISO) is to protect the information and data assets that are vital to the organization and its functioning. With the rising adoption of cloud-based and start-up partner-based apps and data storage, and the overall increase in data traffic across all channels, security risks relating to data theft and loss have grown manifold. The dynamic environment created by digital adoption poses a threat largely because of the multi-layer, non-static nature of the infrastructure itself. Here the role of an experienced and talented CISO becomes pivotal, as the CISO must understand the threat landscape and strike the balance between business needs and IT security needs. This is a highly visible, high-responsibility role, complemented with a high level of authority and the right reporting line to the CRO (Chief Risk Officer).

- With the emergence of new technologies and almost the entire business happening at a digital layer, the CISO not only needs to innovate and adopt new technologies for business benefit but must also know how to design these technologies with security considered during the design phase itself. This ensures that security is implemented in parallel with the new technology, in a complete and comprehensive manner.

- The CISO also needs to manage outsourced service providers and business partners as they store and process confidential data of the company. Further, the CISO is expected to present the security posture of the company to the Chief Risk Officer.

- Be involved in developing a strong security strategy aligned with the business vision, and in preparing a comprehensive risk management practice that allows the business to take conscious risks. The CISO must learn the business language that other CxOs appreciate and accept.

- Data: The CISO needs to understand the nature of information and its trajectory in the context of the underlying business. This is sometimes more important than the technicalities involved in data security.

- Enterprise Risk Alignment: The CISO needs to align much more closely with the business strategy of the organization and the CRO's office.

- Compliance and Audit: Responsible for all compliance and audit (regulatory, internal and statutory) from the IT side; be a representative at regulatory and industry consortiums.

- Regulatory Framework: As per regulatory guidelines, all insurers must have a CISO and a cybersecurity plan, and must be fully aware of and enable cybersecurity regulation as per the IRDA circular. Technology-related issues arise on a daily basis, and there is an acute need for organizations to understand and adhere to the dynamic regulatory framework. The evolving nature of such regulations makes the complex role of a CISO even more challenging.

- The IRDAI directive states that every insurance organization shall appoint a suitably qualified and experienced senior-level officer exclusively as CISO, who will be responsible for articulating and enforcing the policies that the organization uses to protect its information assets, and for coordinating security-related issues and implementation within the organization as well as with relevant external agencies.

CISO Functions as per Regulatory Requirements

IRDAI requires that insurance companies have a CISO who:

- Proposes the information and cybersecurity policy to the Insurance Standing Committee (ISC), and incorporates feedback on the implications of the policy from the ISC and other business areas into the policy-making process;

- Is responsible for providing advice and specialist support to management and information users in the implementation of the information and cybersecurity policy;

- Builds and leads the information security team with the appropriate competencies and attitude to deliver the information security program;

- Promotes user awareness initiatives within the organization.

A major part of every cyber insurance claim is incident response. The CISO is responsible for a well-built and regularly tested incident response program. This is an important component of a comprehensive risk management plan.

Cybersecurity Crisis Management:

- One key role for the CISO is to understand the various business functions of the organization in order to develop a cyber crisis management plan. The CISO needs to develop the plan bearing in mind that cyber risk is different from other risks.

- The cyber crisis management plan should incorporate key functions, including threat intelligence services, forensic investigation, collaboration with key stakeholders, root cause analysis, detection, response, containment, and recovery, that help in building good cyber defenses.

The CISO has to wear different hats: tech head, compliance head, people manager, and regulatory head.

Crisis Communications in a Data Breach Event:

- A cyber attack can leave an organization helpless and its brand damaged. When compromised, a company has many different audiences it must reach in its communication. Cybersecurity and breach response are fraught with legal and regulatory landmines that, if not understood, will likely result in lawsuits. Find a crisis communications professional to help you create a crisis communications plan.

Legal Viewpoint: How to Avoid Litigation

- The moment the CISO discovers a breach, the clock starts ticking for the company to meet its legal obligations. A CISO who can quickly discern the true impact of an attack will be in the best position to counter allegations. When a data-privacy security incident happens, experts are needed immediately. The legal framework surrounding data security incidents changes constantly, and proper legal handling of an incident requires significant data privacy experience.

- Cyber Insurance: What You Should Know: Cyber insurance is evolving as fast as technology. Cyber insurance itself is not a defense; its greatest value is realized when it is applied as another layer of defense, complementing the efforts of IT and other information security functions.
