EXL - Leader/AVP - Information Security

Primary Responsibility Primarily responsible for :

- Enhance Information Security and Data Privacy capabilities, posture and overall Compliance to the emerging standards and client specific requirements

- Security architecture, policy framework and enforcement governance for ISMS at EXL

- Ensure implementation and compliance to EXL's information security policies (ISO27001), associated regulations and standards

- Facilitate external audits, SAS 70 reviews, SOX 404 reviews, rating agency reviews, customer audits, and actively project-manage the remediation of audit findings

Performance Parameters :

- Maturity of Information Security at EXL

- Compliance to Information Security policies, standards and processes

- Security incident management

- Client relationship management (facilitate external audits, SOX / SAS 70 reviews, rating agency reviews and customer audits)

Role Responsibilities :

- Serve as internal information security consultant to the organization. Responsible for security planning and effectively managing information security risks within the operating environment

- Define information security policies, standards and processes for the organization

- Implement, manage and report on adherence to information security policies & standards

- Conduct and also perform reviews of overall information security risk assessments and associated activities including threat & vulnerability analysis, risk identification and review / approve security plans

- Identify, and report any gaps and issues in risk assessment, risk mitigation, control implementation, testing and monitoring and updating processes

- Facilitate external audits, SAS 70 reviews, rating agency reviews and customer audits, and actively project-manage the remediation of audit findings

- Understand Corporate Incident Management process and requirements, and in the event of an incident work closely with corporate security teams

- Provide direct training and oversight to all employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information security clearance in accordance with established organizational information security policies and processes

- Initiate, facilitate, and promote activities to create information security awareness within the organization

Primary Internal Interactions :

- Technology Group

- Corporate functions viz Internal Audit, HR, Facilities, Finance, Legal, etc

- Business Leadership teams

Primary External Interactions :

- Client IT & Information Security Interfaces / Client Auditors

- Security Product and Service Vendors

Qualification : Minimum Graduation (Science and Engineering Background Only)

One or more of the following certifications : CISSP / CISA / CISM / ISMS Lead Auditor

Experience Total Experience : 9-14 years

- 6-8 Yrs of experience in the field of information security consulting and / or security audits for large corporate/IT/ITES with multiple sites.

- Experience and knowledge on ISO27001, SOX, SAS70, information security audits, security policy & process development, Data Privacy, etc.

- Experience and knowledge of multiple operating systems, databases, networks, ERP, etc

- Risk Management experience implementation of ISO27001 Information Security Management Systems (ISMS) and / or Security control framework based on COBIT or GCC (general computer controls) for SOX404 compliance or SAS 70

- Knowledge & competency in governing SOC, emerging concepts & technologies such as DLP, IDM, End Point Security and emerging Data Privacy regulations such as DPA, HIPAA, GLBA, etc will be an added advantage.

Competencies :

- Strong domain understanding of offshore technology sectors and / or business operations

- Capable of managing project tasks individually and as a team

- Ability to document and explain technical details in a concise & understandable manner

- Excellent client relationship management skills

- Excellent oral and written communication skills

- Excellent Presentation & Public speaking skills