Chief Information Security Officer

Job Description for CISO role:

He will be responsible to handle technical information security aspects of organization- NBFC including handling information security tools, application security testing, infrastructure security testing, technical security compliance and cloud security controls. The role defines, implements and monitor security controls for IT assets of the organization.

- Third-party Risk Management: Review the risk assessments of third-party vendors, ensuring compliance with security standards and mitigating potential threats. 10

- Application Security testing: It includes the review of technical assessment (code review, application security & vulnerability assessment) of partner & internal infrastructure. 10

- Data Security: Review of the Access controls, Encryption, and Data Loss Prevention (DLP) controls to safeguard confidential data. Review of the security controls implemented for cloud environments and services. 10

- Internal & External Regulatory Audits & Compliance: Lead internal and external regulatory audits to assess the effectiveness of security controls, vulnerability assessments, ensuring compliance with relevant standards and regulations. Organize Information Security Committee (ISC) meetings with Senior Management. 15

- Information Security Awareness & Emergency Response: Ensure Information Security awareness for all employees and vendor staff. Conduct tabletop exercises to discuss various business disruption scenarios for Senior Management.

- Security Operations Centre (SOC) monitoring: Monitoring & closure of the security alerts observed by the centralized SOC & vulnerabilities observed in the infrastructure & networks. Brand protection & Dark web alerts monitoring & closure.

- Security tools implementation & monitoring: Security Architecture review, Network review, Implementation, monitoring & support of various security tools (PAM, Guardicore, DAM, DLP, EDR, VAPT etc.) as per the organizational requirements.