Information Security Lead

Department: Information Security

Reporting To: VP Technology

Qualification: MBA/BE/ BTech

Experience: Minimum 7 years in Information Security

Roles and Responsibilities:

1. Information Security Strategy: Develop and implement a comprehensive information security strategy aligned with the organization's goals and objectives. Ensure the strategy addresses current and emerging compliance requirements, security threats, vulnerabilities, and risks.

2. Security Governance: Establish and maintain an effective security governance framework, including policies, procedures, standards, and guidelines. Ensure compliance with applicable laws, regulations, and industry standards, such as ISO27001:2022, PCIDSS, RBI SAR DL etc.,

3. Risk Management: Identify, assess, and manage information security risks throughout the organization. Develop risk mitigation plans and ensure their implementation.

4. Security Operations: Oversee the day-to-day security operations, including security incident response, vulnerability management, threat intelligence, security monitoring, and access control. Ensure the organization has appropriate security tools, technologies, and processes in place.

5. Security Awareness and Training: Develop and deliver information security awareness and training programs to educate employees and contractors about their roles and responsibilities in protecting information assets.

6. Security Architecture: Collaborate with cross-functional teams like DevOps, Dev, Product, and other relevant teams to develop and maintain a secure technology infrastructure. Provide guidance on security requirements for new systems, applications, and technologies.

7. Security Compliance: Monitor and enforce compliance with relevant security policies, standards, and regulations. Conduct periodic security audits and assessments to identify and address compliance gaps.

8. Incident Response: Lead the response to security incidents, including investigating and containing incidents, coordinating with internal teams and external stakeholders, and implementing remediation measures to prevent future incidents.

9. Vendor and Third-Party Risk Management: Establish and maintain a vendor and third-party risk management program to assess and monitor the security posture of external partners and suppliers. Also liaison with partners to ensure TPRA(Third Party Risk assessment) is managed effectively.

10. Security Metrics and Reporting: Define and track key security metrics to measure the effectiveness of security controls and initiatives. Prepare and present regular reports on the organization's security posture to executive management.

Shopse List of Audits:

ISO27001:2022

PCIDSS

SAR DL

Partner bank audits [HDFC, ICICI etc.,]

NBFC/Partner banks Onboarding TPRA audits