Posted By

Aseem Goyal

Managing Partner at Placement Factory

Last Login: 08 August 2018

2296

JOB VIEWS

104

APPLICATIONS

42

RECRUITER ACTIONS

Posted in

IT & Systems

Job Code

527095

Senior AVP - Info Security Policy Awareness & Risk Management

10 - 18 Years. Bangalore/Noida/Pune
Posted 6 years ago

Job Description :

Primary Responsibility

Primarily responsible for:

- Planning, creating, establishing, managing, monitoring and serving as a subject matter expert in leading the Enterprise-wide Information Security Risk framework

- Developing policies, standards and procedures necessary to ensure company compliance with all applicable laws and regulations.

- Developing and reporting information security risk metrics, including Key Risk Indicators

- Maintaining the Acceptable Risk Document (ARD)

- Facilitating both internal and external audits and customer visits, and actively project-managing the remediation of audit findings.

- Responding to client RFPs and questionnaires on security and managing key client audits.

Performance Parameters

- Compliance to Information Security policies, standards and processes

- Client relationship management (facilitate external audits, PCI DSS, ISO 27001, customer audits)

- Risk Metric reporting - Manage and develop an information security risk dashboard to track IS risk assessment activities, remediation efforts, and consolidated risk metric reporting.

Role Responsibilities

- Responsible for planning, creating, establishing, managing, monitoring and serving as a subject matter expert in leading the Enterprise-wide Information Security Risk framework;

- Manages the process and conducts information security reviews across multiple internal business units and enabling functions, external third parties, partners and systems.

- Develops policies, standards and procedures necessary to ensure company compliance with all applicable laws and regulations.

- Leads the development of risk management strategies through the identification, quantification and mitigation of risk that can impact the organization.

- Manages the communication with senior management, internal business units, and external and internal auditors.

- Leads the development and reporting of information security risk metrics, including Key Risk Indicators.

- Manages and develops an information security risk dashboard to track IS risk assessment activities, remediation efforts, and consolidated risk metric reporting.

- Stays informed about the latest security threats and vulnerabilities. Reviews information security policies, procedures, network diagrams and other relevant documentation;

- Determines and documents information security risks and suggests controls necessary for the protection of sensitive information.

- Chairs the information security working groups

- Coordinates and presents security review findings to the Enterprise Security team.

- Conducts information security training and awareness sessions

Primary Internal Interactions

- Technology Group

- DRP / BCP teams

- Corporate functions viz., Internal Audit, HR, Facilities, Finance, Legal etc.

- Business Units i.e. TTL, Insurance, Analytics etc.

Primary External Interactions

- Client/Client Auditors

- Third Party suppliers and service providers

- Security product and service vendors

Qualification

Bachelor's degree in information technology or a computer science related field.

One or more of the following certifications are desirable:

- CISA - Certified Information Systems Auditor

- CISSP - Certified Information Systems Security Professional

- CISM - Certified Information Security Manager

Strong knowledge of information security frameworks (NIST, ISO, HITRUST).

Experience: Ten years plus of related experience in Management positions or in a consulting role with a broad view of operational processes.

Security certifications that are most relevant for this position include:

- CISA - Certified Information Systems Auditor

- CISSP - Certified Information Systems Security Professional

- CISM - Certified Information Security Manager

Ability to understand requirements and business drivers and priorities, and integrate these requirements into overall security design.

Competencies

- Auditing and Risk Management experience.

- Strong domain understanding of offshore technology sectors and / or business operations

- Strong analytical and quantitative skills

- Ability to maintain and develop peer, customer and partner relationships

- Ability to develop security strategies consistent with business core values

- Ability to interact effectively with senior executives

- Strong time management skills and experience, including ability to manage multiple time dependent projects in parallel and on short deadlines

- Excellent written and verbal communication skills, including development and delivery of concise, effective presentations

- Exceptional interpersonal and team-building skills with experience in matrix and remote management

- Strong project and process management skills

- Ability to document and explain technical details in a concise & understandable manner

- Excellent Presentation & Public speaking skills

- Ability to work independently in a self-directed manner and collaboratively as a team leader or member.

Other duties as assigned
