Posted By

Ivan Pinto

Senior Researcher at Venator Search Partners

Last Login: 20 May 2020

368

JOB VIEWS

69

APPLICATIONS

63

RECRUITER ACTIONS

Posted in

IT & Systems

Job Code

809630

Chief Information Security Officer - BFSI

15 - 27 Years. Mumbai
Posted 4 years ago

Reports to: Chief Risk Officer. Will interface with Head-IT.

Required Qualification:

- Bachelor of Engineering (relevant stream)/MCA with MBA (optional).

- Relevant certifications like CISA, ISO27001 Lead Auditor, CISM, CISSP, CEH, etc.

Required Experience:

- Minimum 15 years of relevant experience with exposure to latest threats/solutions in Information Security and Cyber Security space.

- Managing Information Security for mission-critical organizations, preferably in a BFSI organization.

- Experience in design and development of policies, procedures and guidelines.

- Experience in all stages of Cyber Security like protection, detection, response & recovery, etc.

Key Responsibilities:

- Provide leadership to the organization's information security setup, governance, protection, response & recovery

- Develop, implement and monitor a strategy for comprehensive enterprise information security and IT risk management program

- Drive and sustain ISO27001 certification for the organisation and enhance the information security management framework

- Develop and enhance the organisation's Information Security policies & procedures.

- Provide regular reporting on the current status of the information security program to senior management and the board of directors.

- Coordinate information security and IT risk management projects.

- Design and conduct security assessment to ensure operational security.

- Review the organisation's security posture/stance, threats and risks, and take appropriate actions to mitigate them.

- Oversee the periodic internal and external statutory audits and track progress of addressing the gaps identified during the audits

- Interface with the Systems and Network support and Business departments to effectively implement and monitor security policies & guidelines.

- Select appropriate security solutions/tools and coordinate testing, deployment and implementation as well as outsourced arrangements (vendor & contract management). Scan relevant developments/technologies and initiate/participate in pilot/exploratory projects.

- Identify risks and build actionable plans to protect from Cyber security incidents. Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.

- Conduct Vulnerability Assessment & Penetration Testing (VA/PT) and track progress of addressing the identified risks.

- Guide & monitor Red Team and Cyber Security drills

- Manage information security and risk management awareness training programs for staff

- Ensure that all Information security policies and procedures are communicated to all personnel and that compliance is enforced

- Communicate best practices and risk advisories across the organization

- Maintain current knowledge of the information security field, track new developments in rapidly changing technologies, threats
