Assistant Vice President - Information & Cyber Security (12-16 yrs)

AVP Information & IT Security shall be senior level executive who shall be entrusted to drive the overall agenda of the Information & Cyber Security of the Company in accordance with the established policies and procedures & implement the information security program through various initiatives by working closely with various stakeholder including external entities such as vendors / third parties and provide periodic updates to the Information Security Committee / senior management. This position shall also be a key contributor to the BCP and Crisis management program of the company. This position shall report to VP IT Infrastructure & Security

Cyber & Information Security Program Leadership:

a) Creates and maintains Cyber Security policies, procedure, and control standards.

b) Produces high quality communication, presenting complex technical matters clearly and concisely with audiences ranging from peers to Sr. Management

c) Maintains current knowledge with respect to technologies and products both in house and in the market.

d) Recommends effective changes to enhance defense and response procedures

e) Drives team to evaluate, tests, and selects security tools and products.

f) Align closely with the business objectives and strategy of the company.

g) Provide advice and support to management and information users in the implementation of Information and Cyber Security Policy.

h) Manage Company-wide information security governance processes, convene the Information Security Committee meetings and lead the Information Security liaisons in the establishment of an information security program and project priorities

Align closely with IT and other functional teams to:

a. Monitor implementation of information security projects / tools / technologies of next generation such as SOC , identity & access management (Email security, Network access, Privilege access, identity access, single sign-on, MFA, MDM) & Data protection (e.g., cryptography, cloud security etc.)

b. Resolve & manage security issues that require an in-depth understanding of the IT environment.

j) Oversee the selection testing, deployment, and maintenance of cyber security initiatives, hardware and software products as well as outsourced arrangements.

k) Leads Security Operations to meet organization Cyber Security objectives & goals

l) Communicate & work closely with IT Team, where operational security issues are identified

m) Ability to anticipate and respond to changing priorities, and operate effectively in a dynamic demand- based environment, requiring extreme flexibility and responsiveness

n) Partners with SOC and Incident Response teams in the event of a security incident to ensure timely mitigation and remediation efforts are completed

Policy, Compliance and Audit:

a) Responsible for all compliance and audits whether regulatory, internal, or external from IT side, be a representative, at regulator and industry forums.

b) Provide leadership, direction, and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.

c) Oversight on compliance with the changing laws and applicable regulations such as PCI, IRDAI, and Cert-FIN.

AVP Information & IT Security shall be senior level executive who shall be entrusted to drive the overall agenda of the Information & Cyber Security of the Company in accordance with the established policies and procedures & implement the information security program through various initiatives by working closely with various stakeholder including external entities such as vendors / third parties and provide periodic updates to the Information Security Committee / senior management. This position shall also be a key contributor to the BCP and Crisis management program of the company. This position shall report to VP IT Infrastructure & Security

d) Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.

e) Coordinate with Internal / external auditors, and outside consultants as appropriate on required security assessments and audits.

Stakeholder Management & Communication:

a) Ability to communicate technical ideas and strategies effectively to non-technical audiences, including executive leadership, via multiple mediums (e.g., written communications, verbal communications, presentations, etc.).

b) Cybersecurity Technology Trends - Demonstrates a strong understanding of emerging trends in the Cybersecurity technology landscape, including new technologies, processes, and ways of working. Able to determine the impact of technological advancement on the company's systems, applications, infrastructure, and practices.

c) Vendor / Contract Management - Ability to build effective relationships with third party providers, suppliers, and partners

Risk Management and Incident Response:

a) Perform information security risk assessments with respect to Company's functional security domains as well as 3rd party vendor environments on an ongoing basis and report any significant risks to the ISC / senior management.

b) Building Information & Cyber Security Risk metrics / dashboards & reports for parameters across various domains.

c) Manage the Information and Cyber Security policy & standards of the Organization, incorporate feedback on the implications of the policy from the senior management and other business units.

d) Control & facilitate the identification, response, investigation, remediation and reporting of information security incidents

e) Managing the advance threat protection & strengthen the cyber incidents response framework & capabilities

f) Develop, implement, and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.

g) Examine impacts of new technologies on the organization's overall information security.

BCP and Cyber Crisis Management:

a) Contribute and enhance the BCP program of the company

b) Ensure Business and IT Resilience goals are met through planning, development and timely review & testing of BCP and DR plans covering people, site, technology and vendor outage scenarios along with business and IT teams

c) Ensure high availability, architectural resilience & recoverability requirements are met for applications and IT Infrastructure as per agreed RTO /RPO driven from BIA

d) Conduct annual BCP Risk Assessment against technology, environmental and geo-political risks and advice senior management on BCP strategies to cover short to long outage scenarios for site/city /country

e) Maintain and test the cyber crisis management plan to respond to cyber crisis, including threat intelligence services, detection, containment, response, recovery, forensic investigation root cause analysis.

f) Conduct periodic scenario-based simulation /tabletop crisis drills to evaluate and validate adequacy of Incident Management and recovery runbooks/playbooks for multiple Cyber Risk events and emerging threats. Present the findings to Senior Management and follow-up on remediation /corrective actions

g) DR /BCP KPIs and Compliance Dashboards & Reports via self-service

Outreach, Education and Training:

a) Promote user awareness initiatives within the organization develop and maintain IS policy, standards, procedures, and guidelines to support the organizations' information security program.

b) Transform the information security program into specific actions which shall include awareness, security infrastructure, security incident response and risk management.

c) Create education and awareness programs and advise business units at all levels on security issues, best practices.

d) Drive proactive Risk Culture through training programs and awareness mailers