Roles & Responsibilities:

The Chief Information Security Officer/ Security Head serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.

Responsibilities:

• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
• Work directly with the business units & IT Head to facilitate risk assessment and risk management processes
• Develop and enhance an information security management framework
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
• Provide leadership to the enterprise's information security organization
• Partner with business stakeholders across the company to raise awareness of risk management concerns
• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
• Expectations to set-up a 24X7 Security Operations Center (SOC) to bring in the best-in-class infrastructure and solutions to assess vulnerabilities and prevent, detect, protect and predict any potential cyber threats
• Have an Enterprise Risk Management strategy formulated and implemented
• Build right skills for risk analysis & mitigation, cyber-security testing
• Review and Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
• Coordinate, measure and report on the technical aspects of security management.
• Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
• Manage and coordinate operational components of incident management, including detection, response and reporting.
• Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
• Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
• Manage security projects and provide expert guidance on security matters for all important initiatives
• Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and follow policies and audit requirements.
• Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.

Location:

Mumbai

Branch:

Churchgate

Experience:

10 - 15 years

Salary Range:

As per industry standard

Functional Area:

Other

Employment Type:

Permanent

Desired Candidate Profile:

• Degree in business administration or a technology-related field required. 
• Professional security management certification ( CISO/CISA)
• Minimum of 10 to 15 years of experience in a combination of risk management, information security and IT jobs
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
• Excellent written and verbal communication skills and high level of personal integrity
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
• Experience with contract and vendor negotiations and management including managed services.
• Specific experience in Agile (scaled) software development or other best in class development practices.
• Experience with Cloud computing/Elastic computing across virtualized environments.