Principal Consultant at Talent Leads Consultants
Views:1328 Applications:252 Rec. Actions:Recruiter Actions:192
General Manager/Chief Information Security Officer - Cyber Security - IT (15-25 yrs)
- Understanding business processes and assessing the criticality of the technological solutions being used to carry out business functions.
- Review business Level processes and new initiatives for Cyber security requirements and help in incorporating industry best practices.
- Continuously monitor and assess execution of security policy and validate necessary controls are in place.
- Support security governance processes and serve as cyber security interface to the business.
- Enable User education/ awareness on Cyber Policy and its enforcement.
- Identify, report service level attainment results, and highlight improvement opportunities.
- Drive continuous process improvements for Cyber operations and benchmark them with industry standards
Project Management :
- Design and implement BU level Cyber security projects as per the business requirements.
- Lead and manage projects that drive execution of security policy and validation of necessary controls.
Risk Management & Compliance :
- Oversee deployment of strategic interventions to mitigate risks and address vulnerabilities.
- Forefront initiatives to monitor and drive adherence of Cyber operations to protocols, legal and regulatory compliances at group and business level.
- Build security reporting dashboards for capturing risk status of different systems.
- Revisit operations policies/ frameworks in accordance to changing business, technology landscape and regulatory environment.
Security Audit :
- Plan and implement the internal audit of IT, OT, and business processes across the organization in collaboration with the Group and Business Audit and assurance counterparts.
- Ensure testing and evaluation of system controls, policies, and procedures as required.
- Empanel audit agencies for security audit and ensure audits are conducted as defined and co-lead interface with auditors.
- Monitor and track all security controls for potential issues, perform verification assessment of controls and determine and update necessary controls to ensure documentation in enterprise security plan.
- Identify and maintain a repository of leading security practices and standards used. Report on the implementation of leading practices and standards and map them to controls and metrics.
- Plan and comply application and infrastructure vulnerability assessment at business level including Operational Technology landscape.
Vendor-Partner Management and Engagement :
- Track partner performance to ensure project delivery basis expected quality, timelines and budgetary considerations, and address non-performance; Conduct regular partner performance reviews based on project criticality.
- Manage escalations related to partner (non)performance, scoping issues, partner pay-outs.
- Cultivate strategic relationships with partners and effectively leverage them for value additions.
- Engage with partners on a frequent basis for a win-win relationship; Facilitate organization of capability road shows/ POCs by partners to increase partner engagement with the organization
People Management :
- Working with Cyber, IT and OT teams
- Communication with sites.
- Coordination with other departments and functions
- Coordination with other organizations
- Dealing with service providers.
KRAs with Outcomes (Jobs which brings value to the organization) :
Domain KRA (Key Result Ares) KPI (Key Performance Indicator) :
- Minimizing Business Impact Minimizing Business impact due to Cybersecurity issues.
- Business Loss due to Cybersecurity issues. (% of EBITDA)
- Security Review Review of Service requests and New Projects w.r.t Cybersecurity
- Requests reviewed within SLA (%).
- Projects reviewed within SLA (%).
- Ensure Compliance Compliance to Legal and Regulatory guidelines related to Cybersecurity
- Compliance to Legal and Regulatory guidelines. (% compliance against total requirements)
- Timely communication and co-ordination with the regulatory agencies (%).
- Ensuring effectiveness of Security Controls Ensuring security controls are effective for endpoints, servers, and network.
- Ensuring Coverage of endpoint security agents (%)
- Ensuring Coverage of Server security agents (%)
- Ensuring policy review and other effectiveness measures of network security (%)
- Vulnerability Remediation Closure of Identified vulnerabilities
- % Of Vulnerabilities closed as per policy requirement.
- Cybersecurity Awareness To facilitate and nurture deep-rooted cybersecurity culture.
- To develop relevant processes and systems, and behavioral training to employees to sustain cybersecurity consciousness and culture in the businesses.
- Cybersecurity governance Establish and manage governance in cyber security function
- Governance MIS report preparation and dissemination as per schedule
- (% of reports sent as per schedule)
- Incident Management Managing Cybersecurity incidents for the organization
- Response to Cybersecurity incidents as per established process and closure within SLAs.
- (% of incidents closed within timelines)
- Budget Governance Planning and managing the budget for the Cybersecurity function
- Adherence to the Planned budget
- (% deviation from the approved figures)
Educational Qualification : Bachelor's Degree or equivalent in an IT or similar discipline from an institute recognized by UGC / AICTE.
Certifications : Professional Certifications like CISSP / CISM / CISA, ISMS Lead Implementor / IEC 62443.