Bharti AXA Life Insurance - Information Security Manager

Job title : Information Security Manager

Business unit/function : COO

Channel/line of business : Information Security

Reporting to : Band Manager

NO. OF POSITIONS : 1

Main job purpose : To implement and Manage Information security for Bharti AXA - LI - PAN INDIA

KEY ACCOUNTABILITIES :

END RESULTS & KEY ACTIVITIES :

Information Security & Infra Security :

- Security Project Governance and Security Projects

Outsourcing Risk Review :

- Managing the Information Security Risk Register

- Information Security Policy documents definition and alignment to AXA Standards

- Implementation of the Security Policy

- Creation & Review of Information Security procedure documents

- Manage Information Security Incident Reporting and Response System to address security incidents (breaches), respond to alleged policy violations, or complaints from Internal and external parties

- Information Security helpdesk activities (Firewall approvals, website whitelisting etc.).

- Ensure active involvement in security related activities matters for infrastructure

- Relationship with all technology partner & Security Governance

- Information Security Awareness Program Development

- Work towards maturity of Information Security management system for the organization based on ISO 27001 Standards BYOD Project-sustenance

- Risk Assessment and Risk Treatment to be reviewed on a regular intervals along with the Risk Coordinators and risk owners

- Management Review reports to be presented to the required stakeholders

- Application security assessment and remediation ( New application review,penetration test and vulnerability assessment)

Reporting :

- All monthly, quarterly, bi-annually and annually reporting to the respective stakeholder's needs to be maintained and no exceptions for the delay.

- Regional and Local Management Reporting on Information Security Projects and Risk Remediation Status.

- Eye to detail is a must during the reporting

Vendor Risk Assessment :

- Information Security Vendor audits to be completed as part of the Outsourcing Risk Framework.

- The Assessment of the Security controls during the vendor empanelment.

- Vendor Governance - any non-conformance by the vendors needs to be reported to the appropriate stake holders and ensure closure of all open actions by the vendor

Audits - Periodic User ID, privilege users, proxy users, etc. review, (all finding to be reported to the respective stakeholder)

- To complete application user access review BI - annually for the entire Organization and ensure closure of all open action points

- Internal/External Information Security audit to be completed and coordinated

Projects :

- To conduct Security Testing of New Solutions/Applications/systems. To Conduct Risk Assessment and work with regional and local teams for the implementation of the recommendations.

- Education and Training

- Coordinate the development and delivery of an education and training program on information security and privacy matters for employees, partners and Vendors.

COMPETENCIES/KNOWLEDGE/SKILLS :

- Good communication skills in both verbal and written

- Good knowledge and hands on experience on information security implementation

- Timely deliverables of reports

- Eye to details

ABILITIES/ATTRIBUTES :

- Ability to maintain and build on existing stakeholder management

- Ability to speak to prospects in both a business and general information security language

- Ability to analyze and understand business requirements and deliver the same

- Willingness to travel

Key customers :

Internal :

Internal Stakeholder are : IT, Risk Management, Operations, Business Teams

External :

- External Stakeholder consist of AXA Regional/ Group members & Local Vendors

QUALIFICATIONS & EXPERIENCE :

- Minimum 6-7 years of relevant experience is required. BE/B Tech

Mandatory : Any of the CISA/CSIM/CISSP certification.

TARGET INDUSTRY/COMPANIES : Any Industry

Salary offered: 9 - 10 LPA