Key Objectives and Major Responsibilities:
Information Security Program
• Lead Information Security to meet the organization's security objectives and goals.
• Manage and maintain information security in line with the ISO 27001 framework.
• Create and update information security policies and procedures.
• Conduct internal audits against information security control requirements.
• Drive mitigation of identified gaps and risks in collaboration with corporate and business teams.
• Document and maintain the Information security risk register.
• Communicate & work closely with the IT Team, where operational security issues are identified.
• Create and maintain Cyber Security policies, procedures, and control standards.
• Communicate effectively, presenting complex information security matters clearly and concisely to audiences ranging from peers to senior management.
• Maintain current knowledge with respect to technologies and products both in-house and in the market.
• Recommend effective changes to enhance Information security policies and practices.
• Drive the team to work towards achieving information security objectives.
• Manage the cyber security awareness program and phishing drills.
• Conduct security awareness training as part of the employee induction program.
Stakeholder Management & Communication
• Ability to communicate ideas and strategies effectively to non-technical audiences, including executive leadership, via multiple mediums (e.g., written communications, verbal communications, presentations, etc.).
• Vendor/contract management – ability to build effective relationships with third-party providers, suppliers, and partners.
Risk Management and Incident Response
• Perform information security risk assessments of the Company's functional security domains as well as third-party vendor environments on an ongoing basis, and report any significant risks to the ISC / senior management.
• Provide inputs for building Information & Cyber Security risk metrics, dashboards and reports covering parameters across various domains.
• Ensure compliance with the Organization's Information and Cyber Security policies, procedures and standards. Keep IT policies, procedures and runbooks updated.
• Control and facilitate the identification, response, investigation, remediation, and reporting of information security incidents.
• Develop, implement, and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
• Examine the impact of new technologies on the organization's overall information security.
Key Capabilities and Competencies
• In-depth knowledge of cyber risk in the context of the organization, and the ability to recommend appropriate security controls.
• Excellent understanding of major regulatory and industry standards such as the ISO 27000 series and the NIST framework.
• Work closely with the SOC partner, CERT-In and other similar bodies, and act promptly on the latest cyber threat advisories.
• Fair knowledge of regulatory guidelines, legislation and statutory requirements, and their application within the Company.
• Good understanding of information security principles, policies and practices, and of the implementation of next-generation technologies.
• Understanding of the nature of information security threats and risks to the Company's information assets.
• Ability to manage projects efficiently, with strong written and oral communication skills.
• Ability to collaborate with functional teams and work closely with them on information security initiatives.
Qualification and Experience
• Diploma/Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, a related field, or equivalent training and/or experience.
• ISO 27001 LA/LI, CEH, CISA, CISSP, or other cyber security certifications would be an advantage.
• Overall 8-12 years of relevant experience in information security and crisis management. Preference shall be given to experience in insurance tech, IT, or BFSI.
• Knowledge of information security standards such as ISO, PCI, etc.
Experience: 8 – 10 years
Salary: 20 LPA
Location: Delhi