Aviva - Information Security & Incident Mgmt

Sr. Manager – Information Security, Physical Security & Incident Management

Purpose:

- The jobholder is responsible for assisting the Head - BP in controlling the risk associated with the compromise, loss or damage to Aviva’s information and/or the technology used to store, process and transmit that information

- Ensure procedures are in place to protect Aviva’s people, premises and assets against internal or external threats, either deliberate or accidental He/ she will be required to establish a strategic, operational framework to maintain business activities and operations following an incident that has a significant impact on the Business/organization an also ensure regulatory and statutory compliances for all Company locations

Context:

- The jobholder will be responsible for development of IS policy and associated documents & providing operational support for IT Risk activities/programs including metrics, process, tools, compliance, standards development, as well as technology infrastructure security

- Establish a framework to Protect Aviva Staff, premises and assets (including information and supporting technology/infrastructure) against internal or external threats, either deliberate or accidental and also establish an incident management Structure and associated processes.

Main Priorities:

- Establish a reporting framework for assessing compliance with policy and collation, assessment and auditing of returns filed with Group Business protection

- Set the risk appetite for BP-related risks and escalating excessive risks to relevant stakeholders including the Information Management System Committee

- Establish an approval process for waivers/exceptions to the IS minimum security requirement and associated documents.

- Establish an IS RA framework for the Organization and oversee/review RAs of critical systems/applications and new projects

- Review on a selective basis, RAs conducted to ensure minimum IS requirements are being applied.

- Track IS risks and associated remediation plans, and escalating excessive IS risks and issues in line with the Aviva Group risk management framework

- Develop and maintain a pan- India IS incident management framework

- Oversee and coordinate as appropriate, response to major IS-related incidents.

- Review and conduct appropriate, investigations into breaches of IS policy/minimum security requirement or other IS-related incidents.

- Categorise buildings and internal areas correctly

- Subject all new buildings or significant changes to buildings to a physical security risk assessment.

- Produce physical security orders and procedures.

- Subject buildings to physical security inspections

- Control access to buildings and secure areas

- Have an incident management structure or associated processes for incident management

Dimensions:

- 1-2 direct reports

Decision Making Ability:

- The jobholder would have full day - to - day responsibility over the functioning of the Info-Sec, the Incident Management & Physical Security Verticals

Financials:

- To operate within approved budgets and develop cost effective methods leading to deduction in overheads and cost savings for the Company over a period

To apply, please click on the button below.