Chief Information Security Officer - Banking/Financial Services

- Enterprise information and the IT enablers, including applications on which the information exist are subject of various risks;

- This role is to advise on various risks and ensure controls are put in place to enhance the cyber, information security and data privacy posture of the enterprise.

- Design and implement the enterprise IT Security Architecture;

- Determine IT risks dynamically and ensure appropriate controls to minimize the risks;

- Ensure security posture of Information is kept at its helm;

- Provide advisory in a dynamic IT environment to ensure the organisational IT risks are minimized.

- Ensure adherence to compliance, data protection and regulatory requirements (SOX/NYDFS/GDPR/Data Privacy guidelines)

- Define metrics and governance framework to measure the efficiency and effectiveness of the Cyber Security programs.

- Instil the process of managing CyberAttack (Ransomware, Malware)

Key Challenges

- Rightful technology adoption;

- Communication to stakeholders about risks;

- Keeping abreast with technologies under the umbrella of Information space.

4: Decision Making Authority

- Technological architectural design;

- Security solution selection;

- Security process adoption;

- Vendor selection process for technology be it OEM/SI.

6: List of internal and external stakeholders the role is expected to interact with to execute duties effectively

- Managed security of service providers in Network, System and Application Security space.

- Technology partners/OEM's of existing and proposed technologies adopted in information security space;

- Business teams wishing to imbibe new technologies for running the business;

- Internal IT teams covering all gamete of Technology space.

Professional Qualification Skills Knowledge Competencies

M Tech, PGDM (BE Minimum in CSE/Information Security/ECE/IT)

- Information Security Technology certifications like CISSP/CSSLP/CISM

- Information Systems audit certifications like CISA/CRISC

- Information Assurance certifications like ISO27000 LA

- Cyber Security frameworks such as MITRE, NIST

- Project management certifications like PMP / PRINCE 2

- Specialised Security skills like CEH/Pen testing

IT concepts covering Operating systems, Networking, Databases and Applications with an insight towards security control requirement in those spaces

- IT Network Architecture

- Network security Architecture

- Application Security

- System Security

- Information security process design