Partner at Premier Consultants
Chief Information Security Officer - NBFC (14-16 yrs)
Roles & Responsibilities:
1. Adherence to Regulatory Guidelines:
- Draft / coordinate / monitor IT processes and policies to ensure compliance as required by the IT Act, statutory and regulatory bodies (e.g. RBI, SEBI, GDPR, UIDAI etc.) and information security (ISM) guidelines and circulars with respect to technology, in coordination with internal & external stakeholders.
- Review regulatory / Indian Govt. Information Technology / data security guidelines as and when they are circulated or published.
- Conduct IT committees as per the ISM schedule and as advised by the regulator.
- Draft and circulate the MOM of IT committee meetings to the respective members and business as & when required.
- Prepare & update business-wise IT infrastructure details, which are largely required by the Compliance / Legal team for regulatory filings.
- Review and file mandatory IT documentation with the respective regulatory body as necessary.
2. Manage IT Policies & Procedures :
- Responsible for drafting & ensuring implementation of IT policies and procedures at the operational level.
- Formalize and conduct vendor risk assessments & audits; ensure remediation of identified gaps.
- Improve and keep internal IT / IS manuals updated with all relevant regulations relating to IT. Periodically review the Information Security Manual (ISM) with an understanding of business, regulatory, data security and technology requirements.
- Introduce and draft processes/policies based on findings and observations.
- Periodically review IT processes/policies and issue advisory notes to close gaps/loopholes, highlighting the risk associated with them.
- Introduce new processes/policies by conducting market studies/surveys relevant to our business and information/infrastructure security, highlighting the risk and the necessity.
- Ensure adherence to key processes/policies in execution and the availability of audit trails.
3. Manage Information Systems Risk Assessments & audits :
- Plan, coordinate, review & manage IT / IS risk assessments, IT audits and VAPT with relevant stakeholders (internal & external, including vendors).
- Plan, conduct, review & manage periodic IT audits and IT risk assessments (internal & external).
- Responsible for carrying out and managing periodic internal & external IT, process, policy, VAPT and system audits.
- Close audit findings by amending existing processes/policies to close open loopholes/gaps, or by introducing new processes/policies to address the risk.
4. Manage IT & Cyber Security :
- Plan, formulate, coordinate, implement, monitor & manage the cyber crisis management plan (CCMP).
- Ensure necessary cyber security safeguards are designed & implemented.
- Manage cyber security and related incidents, and report to management and the respective regulatory body. Responsible for incident management and resolution.
- Provide relevant IT / information security data to partner functions / business as and when required.
5. BCP & DR:
- Responsible for the formulation, review & monitoring of BCP plans and their implementation.
- Coordinate BCP / DR drills and present the findings.
- Suggest, implement & continually update BCP / DR plans.
- Act as the IT SPOC for BCP.
- Review & update the IT-DR manual / plan.