Chief Information Security Officer - BFSI

We have one very urgent position in one of the LEADING BFSI BRAND

POSITION : Chief Information Security Officer [ CISO ]

DESIGNATION : VP / SVP

Reportees : 2 - 3 direct reporting, but will deal with multiple CXOs and their respective teams of different verticals of the Group company.

REPORTING : Dual reporting to Vice Chairman and Chief IT Officer

LOCATION : Kolkata HQ

OFFERED CTC : negotiable pa ; depending upon current CTC, total & relevant years of experience, business volume, education background, interview status.

Job Responsibilities :

Profile - Will handle IT Security of a GROUP COMPANY PAN India.

Job Objective

- Analysing, creating technical solutions, implementing and managing large, complex and critical IT Programs and Projects.

- Strong Technology, IT and Cyber security and governance skills.

- Business strategy and alignment of technology for running and growing the business.

- Technology selection, architecting, outsourcing, efficiency enhancements, vendor development & management.

- Large team management, resource planning, leading, managing and mentoring talent.

- Brand protection, privacy of data, protection of IT assets

- Protecting System assets - soft and hard - against cyber threats.

- The role demands working closely with the Vice Chairman at a group level.

Key responsibilities :

Business Outcomes :

- Managing Information / Cyber security in complex and multi-stake holder organization.

- Ensure all regulatory and license compliance requirements.

- Oversight on Licenses of IT assets (CISO is required to act as the checker and not primary responsibility which would vest with the IT procurement/IT ops teams) .

- Reporting to Senior Management and Risk Committee of the Board on a periodic basis.

Risk, Process & Compliance :

- Cyber security posture assessment of Critical Information Infrastructure.

- Evaluate effectiveness of existing or proposed security controls.

- Leading the IS, compliance and process Audit.

- Ownership of enterprise-wide IT Risk, formulation of appropriate policies for minimising such risks and implementation of robust Information Security Management system including

- Policy on Security of physical IT assets

- Vulnerability assessment and periodic penetration testing of all business critical applications & coordination with all stakeholders

- Identification and mitigation of cyber security threats to minimise any outages

- Compliance with all relevant statutory and regulatory guidelines

- Active contributor in design and implementation (including on-going updation) of Business Continuity Plans

- Assessment and control of Information Security Risk of all third party vendors/partners of the company.

- Enterprise data protection and controls related to data access

People :

- Conducting training to create awareness and train resources.

- Manage self and team through the establishment of goal setting and review mechanisms to achieve the objectives of the function

- Ensure adequate training of team members to be able to handle market dynamics and meet the requirements of the business

Any other additional responsibility could be assigned to the role holder from time to time as a standalone project or regular work.

Key Interfaces :

Internal Interfaces :

- Audit

- Risk

- IT

- All departments for the flow of information

External Interfaces :

- All regulatory bodies

- Auditors

- IT Vendors (Software / Hardware / Consultants)

Qualification : Btech / MCA

Experience :

1) 14+years of experience.

2) Domain experience in IT infra management, Information Security, IS Audit and Technology Consulting.

3) Experience in Cyber incident handling, Cyber crisis management, Digital forensic management and process consulting.

Industry : Open ( Consulting IT firm, IT, ITES & BFSI preferred )

Important Points : Need people handling either multiple group companies or multiple clients.

TCPL