Chief Information Security Officer - FMCG

Responsibilities

Operational:

- Understanding business processes and assessing the criticality of the technological solutions being used to carry out business functions.

- Review business Level processes and new initiatives for Cyber security requirements and help in incorporating industry best practices.

- Continuously monitor and assess execution of security policy and validate necessary controls are in place.

- Support security governance processes and serve as cyber security interface to the business.

- Enable User education/ awareness on Cyber Policy and its enforcement.

- Identify, report service level attainment results, and highlight improvement opportunities.

- Drive continuous process improvements for Cyber operations and benchmark them with industry standards

Project Management:

- Design and implement BU level Cyber security projects as per the business requirements.

- Lead and manage projects that drive execution of security policy and validation of necessary controls.

Risk Management & Compliance:

- Oversee deployment of strategic interventions to mitigate risks and address vulnerabilities.

- Forefront initiatives to monitor and drive adherence of Cyber operations to protocols, legal and regulatory compliance's at group and business level.

- Build security reporting dashboards for capturing risk status of different systems.

- Revisit operations policies/ frameworks in accordance to changing business, technology landscape and regulatory environment.

Security Audit:

- Plan and implement the internal audit of IT, OT, and business processes across the organization in collaboration with the Group and Business Audit and assurance counterparts.

- Ensure testing and evaluation of system controls, policies, and procedures as required.

- Empanel audit agencies for security audit and ensure audits are conducted as defined and co-lead interface with auditors.

- Monitor and track all security controls for potential issues, perform verification assessment of controls and determine and update necessary controls to ensure documentation in enterprise security plan.

- Identify and maintain a repository of leading security practices and standards used. Report on the implementation of leading practices and standards and map them to controls and metrics.

- Plan and comply application and infrastructure vulnerability assessment at business level including Operational Technology landscape.

Vendor-Partner Management and Engagement:

- Track partner performance to ensure project delivery basis expected quality, timelines and budgetary considerations, and address non-performance; Conduct regular partner performance reviews based on project criticality.

- Manage escalations related to partner (non)performance, scoping issues, partner pay-outs.

- Cultivate strategic relationships with partners and effectively leverage them for value additions to company.

- Engage with partners on a frequent basis for a win-win relationship; Facilitate organization of capability road shows/ POCs by partners to increase partner engagement with the organization

People Management:

- Working with Cyber, IT and OT teams

- Communication with sites.

- Coordination with other departments and functions

- Coordination with other organizations

- Dealing with service providers.

Professional Certifications: CISSP/ CISM/ CISA/ ISMS Lead Implementer/ IEC 62443