Assistant Vice President - Cyber Security (7-12 yrs)

Position Title : Associate Vice President - Cyber Security.

Role : Assist the CISO by managing Core Cyber Security programs and handling strategic planning of Cyber security.

Reporting To : Chief Information Security Officer (CISO).

Key Responsibilities :

- Handling the Core Security infrastructure planning, architecture & security operations.

- Drawing up and implementing new Cyber security initiatives, preparing cyber security architecture of the meet its projected needs and to remain abreast of times in terms of Cyber Security Standards & Procedures.

- Guiding and monitoring Vulnerability management program, Red team exercises, Cyber Resilience exercises etc.

- Initiating pro-active compliance measures to comply with legal & regulatory as well as group guidelines.

Key Performance Areas :

- ICT Security Infrastructure / Cyber Security Planning.

- Draw and update periodically Cyber Security program.

- Analyse and establish security requirements/ systems/networks including Cloud setups.

- Defend systems against unauthorized access, modification and / or destruction.

- Design Offensive and Defensive Security practices.

- Design vulnerability management program and conduct various types of security compliance assessments / Vulnerability testing, risk analysis etc. to ensure operational security.

- Defining security standards for different areas like technology risk assessment, access privileges, control structures and resources.

- Oversee and monitor routine security administration.

- Manage Cyber Security Maturity Assessment initiatives.

- Establish cyber security requirements for Third Party / External Party system integrations with Company's systems as well as support for Third Party Infosec risk management.

- Support for establishing day-to-day monitoring practices of Cyber SOC based on legal / regulatory requirements and best practices.

- Incident Management : Respond immediately to security incidents, manage remediation and provide post-incident analysis, identify abnormalities and report violations.

- Train fellow employees in security awareness, protocols and procedures.

- Research and recommend security upgrades, new security solutions etc.

- Provide technical advice to colleagues.

Management reporting :

- Co-ordinate with external/regulatory agencies.

Vendor Management :

- Maintain relationships with company's partners who support various IT security infrastructure components, reviews / assessments etc.

- Enhance the level of monitoring mechanisms for these partners' performance and delivery standards / SLAs.

- Negotiate contracts with vendors and manage costs and schedule of deliverables.

- Work with multi department and multi vendor situations.

Compliance :

- Ensure implementation of proper standards for cyber risk governance as well as regulatory compliance.

- Be responsible for cyber security management and compliance with Information and Cyber Security policy framework as well as legal /regulatory.

- Prescriptions and Group guidelines.

Provide Expertise :

- Provide industry expertise in all aspects of the Cyber security needs/program.

- Track a broad range of emerging cyber security technologies to determine their maturity and applicability to the Company.

- Map current and future cyber security standards.

- Develop standards and benchmarking for IT security being used in the company.

- Evaluate the cost efficiency of emerging security related technologies and assess their applicability to current needs of the company.

Critical competencies :

- Professional degree /certifications :

- Knowledge in the areas of Information and Cyber Security.

- Team building, Coordination, Follow-up, Persuasive.

Person Profile :

- Engineering Graduate/ Management Graduate with ISO 27001 LA / CEH.

- Preference will be given to candidates having professional certifications of CISSP / CISA/CISM/CRISC and having knowledge as well as job experience on ISO 27001 implementation/system administration/management of application software development & support apart from the above cyber security mgmt experience.

Key Skills :

- Keen interest in Information and Cyber Security and developments in the sector.

- Attention to detail, analytical abilities and the ability to recognize trends in data.

- Creativity and patience; Logic and objectivity; Inquisitive nature.

- Proactive approach with the confidence to make decisions.

- Methodical and well-organized approach to work.

- Ability to work under pressure and meet deadlines.

- Good communication skills and the ability to interact effectively with a range of people.

- Understanding of confidentiality issues and the law relating to them.

Key Interactions :

- Chief Actuary & Chief Risk Officer, CIO, CISO, CITSO, CAO, Group CISO.

- Head/Team Leader of different teams of IT, Risk Mgmt. and Business Departments, Key Persons at Offices & Branches.

- Information Security Consultants/Service Providers.

Measures of success :

- Successful Implementation and management of Cyber Security Programs in mitigating the overall cyber security risks of the company.

- Information and Cyber Security responsibilities are effectively communicated to all role holders.

- Cyber Risk mitigation measures are appropriate and in line with global best practices.