Coromandel International - AGM - IT Security

Education: Post Gradutae/Graduate

Key Responsibilities:

1. Strategic

- Identify information security goals and objectives consistent with organization business need/objectives.

- Define the scope and boundaries of the information security program.

- Understand legal and regulatory requirement.

- Define information security implementation strategies.

- Define risk management framework.

- Define information security measurement metrics and other key performance indicators.

- Get approval for information security plan, budget and resources from top management.

Operational

- Define formal process for creating, documenting, reviewing, updating, and implementing security policies and Define information security policy.

- Define policy for classification of information and information assets.

- Get approval of information security policies, procedures, guidelines and processes.

- Assist in developing, maintaining, reviewing and improving strategic organization wide information security and risk management plan.

- Disseminate information security policies, procedures and guideline to all concerned.

- Enforce implementation of approved information security policies, procedures, guideline and ISMS etc.

- Periodically evaluate and review effectiveness of information security policies, procedures, standards, guideline and processes, ISMS etc.

- Monitor and react to alerts and advisories with respect to new vulnerabilities / threats

- Implement automated and continuous monitoring of security incidents.

- Maintain a record of information security incidents and breaches.

- Take remedial action to reduce / diminish the impact of information security incidents and breaches.

- Raise information security awareness among management, employees, contractors and other stake holders.

- Provide role-based training on information security to the workforce.

- Coordinate and lead in implementation of Disaster Recovery (DR)/Business Continuity Plan (BCP)

- Periodically conduct mock drill to evaluate effectiveness of DR/BCP

- Coordinate with external agencies to perform information security audit at least annually or whenever significant changes have been made in IT systems/Infrastructure.

- Prepare information security audit report along with recommendations for improving information security.

- Appraise senior management on status of information security audit findings and issue resolutions.