VP/SVP/Head - Infosecurity & Compliance - BFS

Key Responsibilities :

- Design a compliance framework and to identify information security goals/ objectives. - Oversee the information security programs including standards, policies and procedures, data protection, risk management, vendor due diligence and compliance.

- Develop, review, recommend and modify information security policies and procedures to ensure adaptation and compliance.

- To plan and establish organization-wide Information security Management System (ISMS) in accordance with ISO 9001 and 27001 standard and other relevant security standards.

- To ensure all infosec and cyber security framework/ policies are deployed, revised, sustained, and overseen effectively with the objective to comply with regulatory requirements and internal standards

- Implement a compliance monitoring program to ensure all centres continue to comply with internal and external requirements such as ISO, HiTrust, HIPAA, Information Security, SOC 1 &2

- Implement required and best practice controls at the operations centers to address Company compliance requirements (including standards related to information security, people security, data privacy, contractual requirements)

- To work closely with functional teams and non-technical leadership to articulate IT security and technical issues in a non-threatening, clear and actionable manner

- Define information security measurement metrics and other key performance indicators - Research and propose best practice solutions for the specific nature of company operations - Identify and implement improvement and efficiency opportunities

- Develops and leads the implementation of an ERM for the entire organization. - Maintains a risk register that reflects identified fraud schemes and applicable laws and regulations.

- Uses a variety of techniques, which include expert opinion and historical simulation, to quantify risk limits for the organization.

- Ensure privacy and security policies to protect the CIA of PHI are enforced across the organization

- Auditing the applications, configurations, and internal practices against standards such as HIPAA, HITRUST etc.

Requirements :

- Professional Certifications (Desirable) ISO 27001 LEAD AUDITOR /Implementer - Proficiency in Security-Compliance, Security and Risk Management operations, auditing, monitoring, and reporting

- Ability to manage and prioritize multiple tasks and work under demanding conditions with many interruptions

- Experience in InfoSec policy creation, documentation, and enforcement

- Thorough knowledge on HIPAA Security and Privacy rules

- Ability to understand technology and pertaining risks

- Excellent written and verbal communication skills

- Excellent judgment and analytical skills

- High degree of professional ethics, integrity, and gravitas

- 20+ Years of relevant experience