TM - Business Cyber Security Governance

This role will focus on assessing the effectiveness of our cybersecurity programs and governance frameworks, with a particular emphasis on Application Security, ISO 27001 compliance, and a strong understanding of key cybersecurity frameworks. The ideal candidate will have a comprehensive understanding of both technical security measures and governance practices, enabling them to perform critical risk assessments, ensure regulatory compliance, and enhance our organization s security posture.

 

Job Context & Major Challenges

Aditya Birla Fashion and Retail Ltd. (ABFRL) emerged after the consolidation of the branded apparel businesses of Aditya Birla Group, comprising ABNLs Madura Fashion division and ABNLs subsidiaries Pantaloons Fashion and Retail (PFRL) and Madura Fashion & Lifestyle (MFL), in May 2015. Post- consolidation, PFRL was renamed Aditya Birla Fashion and Retail Ltd.

Aditya Birla Fashion and Retail Limited (ABFRL) is India s first pure-play fashion powerhouse with an elegant bouquet of leading fashion brands and retail formats. The Company has a network of 4,190 stores across approximately 37,352 multi-brand outlets with 9,466 points of sales in department stores across India (as on 30 Jun 2024).

ABFRL s Madura Fashion & Lifestyle Brands are home to some of India s most loved brands Louis Philippe,Van Heusen, Allen Solly, Peter England, Reebok, Forever 21, Simon Carter, and American Eagle that cater to India s premium consumers. With their signature styles, high quality products and differentiated in-store experience, these brands have garnered immense customer loyalty and recall.

As a playground for fashion, Pantaloons offers a wide variety of styles across categories and occasions. The brand speaks to the ever-evolving millennial customer of today who is confident and expressive. Be it through the physical retail experience or online, the Pantaloons experience is exciting, friendly, and uplifting. With a vibrant, expressive, and fun-loving approach to style, the brand seeks to enable the customer to be their fashionable best.

ABFRL cater to the contemporary customer who is aware of international trends. Our international business includes, The Collective - India s largest international multi-brand retailer, select brands such as Ralph Lauren, Hackett London, Ted Baker and Fred Perry.

Van Heusen Innerwear, Athleisure and Active wear is establishing itself as India s most innovative and fashion forward brands launched in the 2016, aiming to redefine the category codes in the mid premium segment.

In addition, to cater to the needs of digitally native consumers, ABFRL is building a portfolio of Digital-first brands under its technology led House of D2C Brands venture TMRW.

The Company s foray into the branded ethnic wear business includes brands such as Sabyasachi, S&N by Shantnu & Nikhil, Tasva, House of Masaba, Jaypore, and Marigold Lane. The Company has strategic partnerships with Designers Sabyasachi , Shantanu & Nikhil , Tarun Tahiliani and Masaba Gupta . Each represents a harmonious blend of traditional elegance and contemporary style, reflecting India s rich heritage and craftsmanship. This division is committed to delivering exceptional quality and unique designs, meeting the aspirations of ethnic wear connoisseurs

Job context:

Key Result Areas KRA (Accountabilities) (Max 1325 Characters) Supporting Actions (Max 1325 Characters)

 

KRA1 Training & Awareness oConduct security awareness training for internal teams on application security, data protection, and regulatory compliance.
oPromote cybersecurity awareness across the organization and collaborate with key stakeholders to ensure adherence to security policies.

 

KRA2 Application Security oWork closely with development teams to ensure security best practices are integrated into the software development lifecycle (SDLC), with an emphasis on application security (eg, secure coding practices, code reviews, security testing).
oPerform security reviews of applications, identifying and mitigating security vulnerabilities such as OWASP Top 10 risks.
oCollaborate with the application development team to provide guidance on secure software design and implementation.
oEvaluate third-party application security risks and collaborate with vendors on mitigating identified vulnerabilities.

 

KRA3 Governance & Compliance oLead the development, implementation, and maintenance of ISO 27001-based Information Security Management System (ISMS) to ensure compliance with industry standards and regulatory requirements.
oCoordinate and assist in ISO 27001 audits, prepare documentation, and ensure continual improvement of the ISMS.
oOversee compliance with various cybersecurity frameworks (eg, NIST, CIS, SOC 2, etc) to align with best practices and industry standards.
oCreate and maintain policies, procedures, and documentation related to cybersecurity governance and compliance.
oSupport the creation of audit reports, risk assessments, and mitigation strategies.

 

KRA4 Cybersecurity Assessment & Risk Management oPerform cybersecurity assessments, focusing on identifying risks, vulnerabilities, and gaps in the security posture, especially in applications.
oDevelop and execute comprehensive security assessments, including penetration testing, vulnerability assessments, and threat modelling oConduct regular risk assessments to evaluate the effectiveness of cybersecurity controls and compliance with internal and external standards.
oAnalyze and assess risks in applications, including web, mobile, and cloud-based applications

Qualifications:

Under Graduate

Minimum Experience Level:
5-10 Years

Report to:
Assistant Vice President