Vodafone Idea - Assistant General Manager - Technology Security (7-8 yrs)

Job Purpose :

- This position would be required to ensure effective management of cyber risks across IT, digital, network & other enterprise functions.

- Also, to ensure effective governance of the Technology Security function.

- Responsible for maintaining and monitoring the organization's information security compliance by enforcing KPIs and SLAs across key security functions, including SOC, SecOps, Risk Assurance, Compliance & Data Privacy.

- This role also involves conducting risk assessments, implementing mitigation controls, managing vendor de-risking programs, and driving the Security Assurance program to maintain the organizational risk score and align with business objectives.

Key Result Areas/Accountabilities.

Security Governance :

- Define and implement cybersecurity strategies, policies, and procedures to strengthen overall security governance and ensure alignment with organizational objectives.

- Plan and conduct governance forums at both working and leadership levels, ensuring systematic closure of actionable items and effective management of stakeholders.

- Oversee partner and OEM governance through regular reviews of KPIs, KCIs, and SLAs, driving improvements in the GRC domain to enhance security compliance.

- Support the implementation of GRC process and project automation initiatives to optimize security operations and compliance efforts.

- Track the performance of the security vertical to ensure optimal resource utilization and identify improvement areas.

- Prepare and present functional updates, including security-related presentations, to senior management and leadership teams.

- Ensure adherence to regulatory compliance and reporting requirements for bodies like NCIIPC, DOT, CERT-In etc.

- Engage with internal and external auditors, regulatory bodies, and government forums, providing necessary reports and evidence to meet compliance standards.

- Governance of unauthorized software's & Risky firewall rules.

- Oversight of Third-party vendor risk management.

- Support Security Technologies Inception which included preparing SOWs, business cases, and technical evaluations for new or enhancement in technologies.

Risk Assurance & management :

- Govern the teams who Manages Security Services partners, ensuring effective security governance, timely audits, and remediation of vulnerabilities for critical IT assets and applications.

- Conduct periodic master calendar reviews for applications, perimeter, and external-facing IPs, and provide governance for supporting vendors.

- Provide business-centric KPIs, dashboards, and reports to track security performance, compliance, and risk posture, ensuring continuous improvement and alignment with organizational goals.

- Manage and maintain cyber security risk posture (IT and IS process control related to risk) / compliance; periodic review and follow up of overdue, pending RAF.

- Track for closure of Vulnerabilities (IT, Telecom and Digital), Penetration Testing, and Technical Controls Review on a periodic manner for IT and its related assets.

- Identification, classification & assessment of critical IT assets, Applications to identify risks associated with them and ensuring mitigation of the same for both internal assets & assets managed by third parties viz.

- Implementation & maintenance of a Third-party vendor risk management framework to periodically assess critical vendors & partners of VIL, perform risk assessment and mitigation of identified risks,

- Track and monitor remediation plans prepared by the third party to closure, Review closure evidence provided to determine appropriate closure.

- Ensure on-time, quality and effective Security Gating Process by way of strong governance on assessment teams.

- Verify and approve risk exceptions requests related to Firewall, Internet access, VPN access & conduct proper security Architecture checks and zoning implementation.

- Conduct periodic Master calendar activity for All applications, Perimeter and External facing IPs.

- Review and audit vulnerable critical assets in timely manner.

- Periodic governance of Supporting vendors and support Internal/ External audits.

- Provide business centric KPI, Dashboard and Reports.

Core Competencies, Knowledge, Experience :

- Minimum 7-8 years of experience in IT and cybersecurity, focusing on Risk & Governance Management.

- Expertise in application security (web, mobile, API, and source code testing).

- Strong knowledge of Risk Management, IS principles, and security architecture.

- Proven leadership skills with a track record of team collaboration and delivering under pressure.

- Excellent communication skills for engaging senior management.

- Strong problem-solving skills and crisis management capabilities.

- Proficient in application security technologies, processes, and KPIs.

- Familiar with Indian regulatory standards and cybersecurity frameworks.

Must have technical / professional qualifications :

- Bachelor's degree in computer science/information security or related field; Master's degree is a plus; certifications in security domain preferred viz CRISC, CISM, experience in banking or telecom is a plus.