16/03 Anabelle Dsouza
HR at IIFL Wealth

IIFL Wealth Management - Head/Vice President - Information Security (10-12 yrs)

Mumbai Job Code: 1064334

Head - Vice President | Information Security

The Head of Information Security will be responsible for designing, building and managing the Information Security Framework for the organization, covering information risk and cyber security. The role also builds and drives the Business Continuity Plans for the organization and handles logical access management and IT compliance in the organization and its subsidiaries.

Reports to : Chief Information Officer

Key Responsibilities :

- Responsible for aligning security initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected.

- Developing, maintaining and overseeing an information security program and information security management system

- Developing, maintaining and overseeing information security policies, procedures and control techniques to address all applicable requirements from ISO and regulators;

- Authorize all exceptions to the compliance security policies, standards and procedures

- Co-ordinate with various teams to ensure timely compliance of all outstanding audit recommendations

- Communicate Information Security policies and frameworks to all functions and ensure adherence of the policy framework with all stakeholders to ensure on-going implementation and maintenance of information security program;

- Report to the management on risk exposure related to information security controls and processes by assessing the implemented technical controls and provide a briefing to senior management on Technology and Information Security matters.

- Program; information derived from automated and continuous monitoring, including threat assessments; and progress on actions to remediate threats

- Establish and implement incident management procedures for reporting and handling security incidents.

- Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.

- Reporting to senior management on the effectiveness of the information security framework in the organization

Business Continuity Plan :

- Coordinates the development of the organization's disaster recovery and business continuity plans for information systems, and tests readiness. Create BCP test cases, BCP document and plan.

- Establish trusted relationships with business stakeholders across the company to understand requirements for the Enterprise Resiliency program.

- Drive continuous improvement of policies, procedures and technology related to Enterprise Resiliency

Key Performance Metrics :

- Continual improvement process, measurement and tracking of overall ISMS maturity and goals of the organization

- Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio

- Conduct internal audits to measure readiness against company security guidelines, ISO27001:2013, COBIT. Plan, schedule and execute internal audits with all stake-owners within the business units

- Coordinating with different stakeholders, working with external ISO-27001 and PCI-DSS certifying organizations, certifiers and IT auditors, and ensuring end-to-end compliance for all functions including IT, HR, admin, finance, operations, software development and legal

- Create a good Incident management and tracking program

- Conduct Risk assessments across the functions and present the top risks to management. Create an IT compliance risk assessment framework and periodically assess the regulatory, commercial and organizational, inherent and residual IT compliance risks

- Work with external 3rd parties, application security vendors and service providers to continuously evaluate their performance and SLAs

- Identify and establish Enterprise Resiliency processes to enable effective reduction of risk associated with disruptive events

- Build strong relationships and processes with partner/other department teams for Disaster Recovery, Crisis Management and related First Responder functions

Preferred Skill sets / Key Competencies :

- Ability to design policies, procedures and standards along with information security training programs. Initiates, facilitates, and promotes activities to develop information security awareness within the organization including conducting internet audit training as per ISO 27001 guidelines

- Should be able to create checklists to be followed for servers, network devices and software applications

- A very good understanding of the design and implementation of DLP, advanced endpoint security, malware, bots and next-gen firewalls, and exposure to APT solutions, including protecting against ransomware attacks

- Understand application vulnerability concepts, compliance management, patch management, and vulnerability intelligence technology. Good experience in a vulnerability remediation position

- Strong analytical and troubleshooting skills

Soft skills & management competencies :

- Post Graduate preferably with professional qualification of Engineering

- 10 - 12+ years of relevant experience; preferably in BFSI sector

- Industry certifications like CISM, CISSP, ISO27001, and ISO22301 LA will be preferred

- Effective and well developed negotiating, influencing and communication skills

- Articulate & Good Communication skills. Integrity and strong interpersonal skills

- Ability to lead a team of professionals and experience with setting up KRAs, performance evaluations as well as keeping the team motivated continuously

This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.

Women-friendly workplace:

Maternity and Paternity Benefits
