Responsibilities:
1. Develop and Implement Information Security Strategy:
- Develop and execute a comprehensive information security strategy aligned with business objectives.
- Oversee the establishment, communication, and maintenance of information security policies and procedures.
2. Risk Management:
- Identify, assess, and prioritize security risks and vulnerabilities.
- Implement risk management programs to ensure the confidentiality, integrity, and availability of information assets.
3. Security Governance:
- Provide leadership and direction for the information security function.
- Collaborate with executive management and department heads to align security initiatives with organizational goals.
4. Compliance and Regulatory Oversight:
- Ensure compliance with relevant laws, regulations, and industry standards.
- Stay abreast of changes in cybersecurity laws and regulations, adjusting policies and procedures accordingly.
5. Incident Response and Management:
- Develop and implement an incident response plan to address security incidents promptly and effectively.
- Coordinate with relevant stakeholders during security incidents, investigations, and forensic activities.
6. Security Awareness and Training:
- Establish a comprehensive security awareness program for employees.
- Provide training and guidance on security best practices.
7. Security Technology Evaluation and Implementation:
- Evaluate and recommend security technologies, tools, and services.
- Oversee the implementation and maintenance of security solutions.
8. Vendor Security Management:
- Assess and manage the security posture of third-party vendors.
- Ensure that contracts with vendors include appropriate security requirements.
9. Security Metrics and Reporting:
- Develop and maintain key security metrics to measure the effectiveness of the security program.
- Provide regular reports to executive management and other stakeholders.
10. Collaboration and Communication:
- Foster a culture of collaboration between IT, risk management, compliance and business units.
- Communicate effectively with internal and external stakeholders on security-related matters.
Qualifications:
- Bachelor's degree in Information Security, Computer Science, or a related field. Master's degree preferred.
- 10+ years of proven experience at the highest level of information security management with 3+ years in leadership roles.
- Relevant certifications such as CISSP, CISM, or CISA.
- In-depth knowledge of security frameworks, standards, and best practices (ISO 27001, NIST, etc.).
- Proven leadership, problem-solving, and critical thinking abilities.
- Proven ability/experience to establish and implement information security policies and procedures.
- Strong understanding of risk management, compliance, and governance.
- Experience with IT security risk assessment and mitigation.
- Excellent communication and interpersonal skills.
- Ability to lead and inspire a team of cybersecurity professionals.
- Demonstrated experience in incident response and crisis management.
We encourage applications from candidates with a background and experience working for a large bank, NBFC, financial institution, or financial services organization.