Business Information Security Officer (BISO)

Accountabilities Key Performance Indicators
Work under guidance of Group CISO and Business CIO, and be responsible for Information security operations, Risk management and Security Solutions for the business


1

Information security program maturity
2

Effective compliance to Information security policies, processes and procedures
3

Ability to timely identify, communicate and mitigate business information security risks
4

Effective organizational information security culture
5

Performance of information security metrics within SLAs and project execution per plan
6

Continuous learning and certification attainment


7

Stakeholder feedback on security initiatives and support


8

Effectiveness of security controls and technologies


9

Completion rates of security training programs


10

Reduction in identified vulnerabilities and risks over time


11

Compliance with regulatory standards (Cert-In, NISST, ISO, DPDP) and industry-specific OT security frameworks (e

g

, ISA/IEC 62443)

Establish and maintain governance frameworks, policies, and procedures to ensure effective management of information security risks, including those specific to Operational Technology (OT)


Build and maintain effective relationship with a Business and Technology stakeholders to effectively drive information security program vision



Maintain and communicate the Information security controls health and program status to the management



Own and communicate the roadmap for Information security, aligned with Group information security strategy and program



Conduct regular risk assessments and vulnerability evaluations specific to airport and energy plant IT / OT environments

Implement risk mitigation measures and monitor the effectiveness of controls to reduce security risks related to IT/ OT systems


Lead incident response planning and execution for cybersecurity incidents affecting both IT and OT environments in airport and energy plant operations

Coordinate with internal teams and external stakeholders to investigate and respond to security breaches and incidents promptly, ensuring minimal disruption to operations

Foster a culture of security awareness and compliance throughout the organization, including OT systems and their integration with IT
Ensure compliance with relevant regulatory requirements, industry standards, and best practices related to information security in airport and energy sectors
Collaborate with IT and OT teams to implement and manage security technologies, including firewalls, intrusion detection systems, endpoint protection, and specialized OT security solutions

Monitor security infrastructure for vulnerabilities and recommend improvements to enhance overall security posture in both IT and OT domains


Coordinate testing and validation of contingency plans to ensure readiness for potential disruptions or disasters affecting critical infrastructure
Plan, build and deliver Information Security services and initiatives to:
support Information security compliance activities and audits, including regular policies and configuration reviews
run projects for security capability / maturity improvement in line with group s Information security vision
deliver point services such as vulnerability assessments, project risk assessments, architecture reviews
perform technical security review (infra, apps, processes) for business/ technology initiatives and any changes to the environment

Advise business stakeholders on how to achieve the relevant Information security controls and assist with solutions to support them



Effectively represent business in front of Government sectoral and nodal cybersecurity and investigative agencies like Bureau of Civil Aviation Security (BCAS), National Critical Information Infrastructure Protection Center (NCIIPC), Cert-IN, CBI etc

Internal - Roles you need to interact with inside the organization to enable success in your day to day work
Human Resources (Manager or other applicable roles) - To enable processes related to user awareness
Facilities Management (Manager or other applicable roles) - To enable processes related to Physical Security


Legal and Compliance (Manager or other applicable roles) - To enable implementation of Legal and Compliance requirements such as IT Act


Ethics and Integrity (Manager or other applicable roles) - To facilitate investigations


External Corporate Communications (Manager or other applicable roles) - To ensure public facing websites are secure

External - Roles you need to interact with outside the organization to enable success in your day to day work
Consulting partner who manages security solutions and processes of GMR
OEMs whose security solutions are implemented / planned to be implemented
Government agencies such as Cert-IN, NCIIPC etc

Mobile Security

Excellent analytical and problem solving ability