Chief Information Security Officer - NBFC

Roles & Responsibilities:

1. Adherence to Regulatory Guidelines:

- Draft / Coordinate / Monitor IT process/policies to ensure compliance as per necessity by IT Act/ statutory & regulatory (e.g. RBI, SEBI, GDBR, UIDAI etc.) / info security (ISM) guidelines and circulars with respect to Technology in coordination with internal & external stakeholders

- Review of regulatory / Indian Govt. Information Technology / data Security guideline as an when it circulate/publish.

- Conducting IT committee's as per ISM schedule and necessity advised by regulatory.

- Drafting/Circulating MOM of IT committee meetings to respective members and business as & when required.

- Preparing & updating business wise IT infra details which largely required for Compliance/Legal team for regulatory filing.

- Review and filling of mandatory IT documentation with respective regulatory body as necessary.

2. Manage IT Policies & Procedures :

- Responsible for drafting & ensuring implementation of IT Policies and procedures at the operational level.

- Formalize, conduct vendor risk assessments & audits, ensure implementation of identified gaps.

- Improvise and keep internal IT / IS manuals updated with all relevant regulations relating to IT. Periodic review of Information Security Manual (ISM) understanding business/regulatory/data security/technology etc.

- Introducing and Drafting of process/policies based on finding/observation.

- Periodic review of IT process/policies and issue an advisory note to overcome gaps/loops by highlighting risk associated to it.

- Introducing new process/policies by doing market study/survey relevant to our business and info/infra security by highlighting risk and necessity.

- Ensuring adherences of key process / policies execution and availability of audit trails.

3. Manage Information Systems Risk Assessments & audits :

- Plan, Coordinate, review & manage IT / IS Risk Assessments & IT audits, VAPT with relevant stakeholders (internal & external, including vendors)

- Plan, Conduct, Review & Manage periodic IT audit and IT Risk Assessments (internal & external)

- Responsible to carry out periodic Internal & External IT, Process, Policy, VAPT, System Audit. Management

- Closure of audit finding with amendment to existing process/policy in order to close open loops/gaps or introduce new process/policy to close the risk.

4. Manage IT & Cyber Security :

- Plan, formulate, coordinate, implement, monitor & manage the cyber crisis management plan (CCMP).

- Ensure necessary cyber security safeguards are designed & implemented.

- Management of cyber security, related incident & reporting to management and respective regulatory body. Responsible for Incident Management and resolution

- Providing relevant data IT info Sec to Partner Function/ Business as an when required.

5. BCP & DR:

- Responsible for formulation, review & monitoring BCP plans and it's implementation.

- Coordinate to conduct BCP / DR drills, present findings

- Suggest/implement & constantly update BCP / DR plans.

- Be the IT-SPOC for BCP

- Review & update IT-DR Manual / Plan