Associate Manager - Banking & Financial Services at Crescendo Global
Manager/Senior Manager - Information Security/Risk Management - BFSI (4-7 yrs)
Job Description :
Position Manager/Sr. Manager - Information Security Risk Management
Reporting to Vice President - Information Security
Team size (D/I) IC role
JOB SUMMARY :
- To implement an Information Security framework based on the ISO 27001 framework and NIST guidelines.
- Manage and maintain the Business Continuity framework for MLI based on the ISO 22301 standard
- To drive Privacy Protection initiatives across the enterprise to ensure effective protection of customer PII data
- To ensure the organization meets all Regulatory guidelines, including the IRDAI Cyber Security Guidelines.
- To ensure adherence to the defined IS and BCP policies and procedures by conducting periodic reviews
- Managing all Internal and External Audits for IS
- To ensure the protection of all Information assets by establishing and maintaining a secure architecture, reviewing new applications and infrastructure, and carrying out Ethical Hacking and Red Teaming exercises.
KEY RESPONSIBILITIES :
IS Governance :
1. Maintain a schedule for timely submission of InfoSec and IT-related issues, risk items, action points and updated policies to the Information Security and Business Continuity Committee and Management Risk Committee
2. Monitor and review the overall IS and IT risk posture of the organization.
Risk Management :
1. Identify, assess, prioritize, manage and monitor Information Security Risks across the various functions.
2. Formulate a framework to manage and monitor Information Security Risks and prepare an Enterprise-wide Information Security Risk Management Report.
3. Track Information Security risks along with their mitigation status, so that the effectiveness of the organization's information security posture can be measured.
Privacy Governance :
1. Maintain privacy governance framework.
2. Oversee the implementation and review of privacy controls.
3. Develop categories and definitions that provide guidelines used to determine the appropriate level of protection for information required for Max Life Insurance
4. Develop and maintain internal policies, standards, processes, procedures, and practices that prevent and detect fraud, misuse, and abuse of customer PII information.
5. Ensure that Privacy Impact Assessments are carried out on all new projects where required
Regulatory Compliances :
1. Ensure compliance with all regulatory guidelines, including the IRDAI Cyber Security guidelines, Aadhaar and the IRDAI ISNP E-commerce Platform guidelines.
Vendor Risk Governance :
1. Review vendor contracts to ensure that risk management requirements are defined and addressed.
BCM Governance :
1. Review and ongoing maintenance of BCM governance framework.
2. Oversee the development and testing of BC/DR plans.
3. Designing, updating and reviewing Business Continuity Plans with the respective functional owners
4. Coordinating with various stakeholders to update and maintain Business Continuity Plans in Max Life
Cyber Security :
1. Identification and assessment of Information Security Risks in Application Security projects
2. Identification and assessment of Information Security Risks in Ethical Hacking and Penetration Testing projects
3. Understand and maintain DLP and IRM tools to ensure proper protection of customer PII data.
4. Assess Cloud infrastructure and applications, and propose and implement security strategies to ensure protection of Cloud assets.
1. Strong influencing, networking skills
2. Analytical skills and process orientation
3. Strategic thinking and decision-making capabilities
4. Self-starter with strong self-motivation and a capacity to improve
5. Strong Presentation and communication skills
MEASURES OF SUCCESS :
1. Reduction in security, continuity and privacy-related risk issues for Max Life Insurance
2. Adherence to regulatory guidelines on information and cyber security
3. Adherence to ISO Standards on security and continuity
4. Protection against cyber threats/ Attacks
5. Awareness around IS/ BCP
6. No Leakage of customer data
Desired qualification and experience :
- Graduate in Computer Science or IT
- Professionally qualified (MBA / MCA / BE / B.Tech.) with suitable IS certifications (ISO 27001, ISO 22301, Security+, CISSP / CISM desirable)
- Should have worked in IS function in an IT / BFSI organization
- Could also be from an Information Security background from one of the big accounting firms
- 4 to 7 years of experience working on Information Security, with a minimum of 2 to 3 years implementing and monitoring Business Continuity and Disaster Recovery services, or having handled BCP on behalf of large departments.