Reports to: Chief Risk Officer. Will have interface with Head-IT
Required Qualification:
- Bachelor of Engineering (relevant stream)/MCA with MBA (optional).
- Relevant certifications like CISA, IS27001 Lead Auditor, CISM, CISSP, CEH, etc.
Required Experience:
- Minimum 15 years of relevant experience with exposure to latest threats/solutions in Information Security and Cyber Security space.
- Managing Information Security for mission critical organizations preferably in BFSI organization.
- Experience in design and development of policies /procedures guidelines.
- Experience in all stages of Cyber Security like protection, detection, response & Recovery etc.
Key Responsibilities:
- Provide leadership to the organization's information security setup, governance, protection, response & recovery
- Develop, implement and monitor a strategy for comprehensive enterprise information security and IT risk management program
- Driving and sustaining ISO27001 certification for the organisation and enhance information security management framework
- Develop and enhance organisation's Information Security policies & procedure.
- Provide regular reporting on the current status of the information security program to senior management and the board of directors.
- Coordinate information security and IT risk management projects.
- Design and conduct security assessment to ensure operational security.
- Review organisations security posture/stance, threats, risks and take appropriate actions to mitigate the same.
- Oversee the periodic internal and external statutory audits and track progress of addressing the gaps identified during the audits
- Interface with the Systems and Network support and Business departments to effectively implement, and monitor security policies & guidelines.
- Selecting appropriate security solutions/tools and coordinate testing, deployment and implementation as well as outsourced arrangements (vendor & contract management). Scan relevant developments / technologies and initiate/participate in pilot/exploratory projects.
- Identify risks and build actionable plans to protect from Cyber security incidents. Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
- Conduct Vulnerability Assessment & Penetration Testing (VA/PT) and track progress of addressing the identified risks.
- Guide & Monitor Red team, Cyber Security Drills
- Manage information security and risk management awareness training programs for staff
- Ensure that all Information security policies and procedures are communicated to all personnel and that compliance is enforced
- Communicate best practices and risks advisories across the organization
- Maintain current knowledge of the information security field, track new developments in rapidly changing technologies, threats
Didn’t find the job appropriate? Report this Job