Responsibilities :

Operational :

- Understanding business processes and assessing the criticality of the technological solutions being used to carry out business functions.

- Review business Level processes and new initiatives for Cyber security requirements and help in incorporating industry best practices.

- Continuously monitor and assess execution of security policy and validate necessary controls are in place.

- Support security governance processes and serve as cyber security interface to the business.

- Enable User education/ awareness on Cyber Policy and its enforcement.

- Identify, report service level attainment results, and highlight improvement opportunities.

- Drive continuous process improvements for Cyber operations and benchmark them with industry standards

Project Management :

- Design and implement BU level Cyber security projects as per the business requirements.

- Lead and manage projects that drive execution of security policy and validation of necessary controls.

Risk Management & Compliance :

- Oversee deployment of strategic interventions to mitigate risks and address vulnerabilities.

- Forefront initiatives to monitor and drive adherence of Cyber operations to protocols, legal and regulatory compliances at group and business level.

- Build security reporting dashboards for capturing risk status of different systems.

- Revisit operations policies/ frameworks in accordance to changing business, technology landscape and regulatory environment.

Security Audit :

- Plan and implement the internal audit of IT, OT, and business processes across the organization in collaboration with the Group and Business Audit and assurance counterparts.

- Ensure testing and evaluation of system controls, policies, and procedures as required.

- Empanel audit agencies for security audit and ensure audits are conducted as defined and co-lead interface with auditors.

- Monitor and track all security controls for potential issues, perform verification assessment of controls and determine and update necessary controls to ensure documentation in enterprise security plan.

- Identify and maintain a repository of leading security practices and standards used. Report on the implementation of leading practices and standards and map them to controls and metrics.

- Plan and comply application and infrastructure vulnerability assessment at business level including Operational Technology landscape.

Vendor-Partner Management and Engagement :

- Track partner performance to ensure project delivery basis expected quality, timelines and budgetary considerations, and address non-performance; Conduct regular partner performance reviews based on project criticality.

- Manage escalations related to partner (non)performance, scoping issues, partner pay-outs.

- Cultivate strategic relationships with partners and effectively leverage them for value additions.

- Engage with partners on a frequent basis for a win-win relationship; Facilitate organization of capability road shows/ POCs by partners to increase partner engagement with the organization

People Management :

- Working with Cyber, IT and OT teams

- Communication with sites.

- Coordination with other departments and functions

- Coordination with other organizations

- Dealing with service providers.

KRAs with Outcomes (Jobs which brings value to the organization) :

Domain KRA (Key Result Ares) KPI (Key Performance Indicator) :

- Minimizing Business Impact Minimizing Business impact due to Cybersecurity issues.

- Business Loss due to Cybersecurity issues. (% of EBITDA)

- Security Review Review of Service requests and New Projects w.r.t Cybersecurity

- Requests reviewed within SLA (%).

- Projects reviewed within SLA (%).

- Ensure Compliance Compliance to Legal and Regulatory guidelines related to Cybersecurity

- Compliance to Legal and Regulatory guidelines. (% compliance against total requirements)

- Timely communication and co-ordination with the regulatory agencies (%).

- Ensuring effectiveness of Security Controls Ensuring security controls are effective for endpoints, servers, and network.

- Ensuring Coverage of endpoint security agents (%)

- Ensuring Coverage of Server security agents (%)

- Ensuring policy review and other effectiveness measures of network security (%)

- Vulnerability Remediation Closure of Identified vulnerabilities

- % Of Vulnerabilities closed as per policy requirement.

- Cybersecurity Awareness To facilitate and nurture deep-rooted cybersecurity culture.

- To develop relevant processes and systems, and behavioral training to employees to sustain cybersecurity consciousness and culture in the businesses.

- Cybersecurity governance Establish and manage governance in cyber security function

- Governance MIS report preparation and dissemination as per schedule

- (% of reports sent as per schedule)

- Incident Management Managing Cybersecurity incidents for the organization

- Response to Cybersecurity incidents as per established process and closure within SLAs.

- (% of incidents closed within timelines)

- Budget Governance Planning and managing the budget for the Cybersecurity function

- Adherence to the Planned budget

- (% deviation from the approved figures)

Qualifications :

Educational Qualification : Bachelor's Degree or equivalent in an IT or similar discipline from an institute recognized by UGC / AICTE.

Certifications : Professional Certifications like CISSP / CISM / CISA, ISMS Lead Implementor / IEC 62443.