This job posting is no longer active.
Location: Mumbai, MH, India
Job ID: 1002575
JOB FUNCTIONS AND RESPONSIBILITIES
o Provide regular reporting on the current status of the security program to senior management through executive management and board level interactions.
o Collaboratively engage with other functions and business representatives to facilitate a globally standardized approach and governance structure to information security and risk.
o Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
o Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the monitoring and response program - and showcase the increase in security maturity.
o Helps manage information security budgets, and monitor them for variances
o Leads the second line of defense in reviewing the control effectiveness through control checks, access reviews and risk assessments.
• Risk Management
o Drive risk assessment to identify important security risks to the enterprise and identify the mitigation plan for the same.
o Drive efforts to identify risks in third party engagements and facilitate mitigation of the risks.
o Provide appropriate security guidance on all projects, systems, services and other initiatives including the evaluation and recommendation of technical controls.
o Liaise with Enterprise Technology teams to ensure that appropriate information security architecture standards, policies, and procedures are available and implemented consistently across all infrastructure and application development projects and programs. This includes review of as-is state as well as engagement in future initiatives.
• Policy, Awareness, Incident Management
o Helps develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices
o Provides day-to-day security guidance for IT projects, including the evaluation and recommendation of technical controls
o Develop and maintain an incident response program to address security incidents, respond to policy violations, interfacing with internal or external stakeholders as required.
o The role requires solid analytical and problem-solving abilities to identify and fix security risks
o Keep abreast of latest security related regulations, legislations and advisories affecting the organization.
o Liaison among the Information Security team and corporate compliance, Oversight, audit, legal and HR management teams as required
o Drive efforts to ensure that there are no major observations during external assessments and inspections.
• Team management
o Direct the team in all the activities to effectively deliver the expected outcomes. Drive efforts to ensure that the calendarized and ad-hoc activities are in line with the mission of the function and the overall business objectives.
o Ensure that the team is highly engaged and committed to deliver the outcomes. Resolve any team engagement issues.
EDUCATION / EXPERIENCE
o Around 18 years of information and cyber security related experience, particularly in the areas of governance, risk management, compliance, policy formulation, third party risk management, security awareness, external assessments. Preferable to have experience in IT Systems administration or security tools configuration.
o Desired certifications - CISSP, CISA, CISM, CRISC, ISO 27001 Lead Implementer
o Preferred location - Bangalore, Pune, Mumbai (Hybrid work model)
WORK SCHEDULE OR TRAVEL REQUIREMENTS
Mid Shift: 2 PM IST to 11 PM IST
• Integrity - always do the right thing.
• Judgment - effectively deal with the gray.
• Transparency - open and honest communication; early escalation; no hidden agendas.
• Respect - treat others with dignity and be respectful.
• Resiliency - tolerate dynamic conditions without undue frustration.
• Pragmatic - stay calm, act with focus and purpose, even when facing challenge and uncertainty.
• Passion - demonstrate positive excitement and conviction for what you do and needs to get done.
• Ownership - take responsibility for everything in your organization even when it's not your fault.
• Self-Motivation - personal drive to achieve, commitment to personal / organizational goals, initiative to act on opportunities and challenges, and optimism in the face of set-backs.
• Hunger - willing to throw head, heart and hands into the job.
• Humility - don't have to be the smartest person in the room, give credit to others, willing to do any job to help the organization or team succeed.
• Desire to Win - super competitive yet understand that the competition is outside the building.
• Empathy - the ability to discern what someone else is thinking or feeling and then responding in some appropriate way.
• Independent Thinker - analytical, the ability to make sense of things based on one's experiences and observations; not flustered by criticism or challenge and willing to stand for convictions.
• Intellectual Curiosity - passion for continuous learning and understanding "why".