Information Security Officer - Risk - Telecom/ISP

The candidate shall be responsible for the following :

Information Security Program Leadership :

a) Align closely with the business objectives and strategy of the company.

b) Provide advice and support to management and information users in the implementation of Information and Cyber Security Policy.

c) Manage Company-wide information security governance processes, convene the Information Security Committee meetings and lead the Information Security liaisons in the establishment of an information security program and project priorities

d) Align closely with IT and other functional teams to :

a. Monitor implementation of information security projects / tools / technologies of next generation such as identity & access management (Network access, Privilege access, identity access, single sign-on, MFA, MDM) & Data protection (e.g. cryptography, cloud security etc.)

b. Resolve & manage security issues that require an in-depth understanding of the IT environment.

e) Oversee the selection testing, deployment, and maintenance of security hardware and software products as well as outsourced arrangements

Policy, Compliance and Audit :

a) Responsible for all compliance and audits whether regulatory, internal or external from IT side, be a representative, at regulator and industry forums.

b) Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.

c) Oversight on compliance with the changing laws and applicable regulations such as PCI, IRDAI, and Cert-FIN.

d) Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.

e) Coordinate with Internal / external auditors, and outside consultants as appropriate on required security assessments and audits.

Risk Management and Incident Response :

a) Perform information security risk assessments with respect to Company's functional security domains as well as 3rd party vendor environments on an ongoing basis and report any significant risks to the ISC / senior management.

b) Building Information & Cyber Security Risk metrics / dashboards & reports for parameters across various domains.

c) Manage the Information and Cyber Security policy & standards of the Organization, incorporate feedback on the implications of the policy from the senior management and other business units.

d) Control & facilitate the identification, response, investigation, remediation and reporting of information security incidents