Chief Information Security Officer - NBFC

CISO - NBFC

Job Description :

Our client is a NBFC based in Bangalore. We are looking to hire a CISO [Chief Information Security Officer]. CISO is responsible for:

1. Bringing to the notice of Board/IT sub-committee of the Board about the vulnerabilities and cyber security risk, the Company is exposed to.

2. As member secretary of Information Security and/or related committee(s), if any, may ensure inter alia, current/emerging cyber threats to Company and the Company's preparedness in these aspects are invariably discussed in such committee(s).

3. Managing and monitoring SOC and drive cyber security related projects.

4. Maintaining and update a threat landscape for the organization on a regular basis.

5. Ensuring that periodic tests are conducted to evaluate the adequacy and effectiveness of technical security control measures, especially after each significant change to the IT applications/ systems/ networks as well as after any major incident.

MEASURES OF SUCCESS:

1. Information Security requirements are identified and addressed in a timely manner.

2. Information Security responsibilities are effectively communicated to all role holders.

3. Risk mitigation measures are appropriate and in line with global best practices.

KRAs for the post:

1. To create, maintain and disseminate information security strategy, plans and policies to ensure high information assurance within the Company and meet legal, statutory and regulatory requirements in Information Security.

2. To obtain top management approval on IS security plan, budget, resources and provide ongoing support for Information Security activities.

3. To ensure that, when exceptions/ deviations/ non-adherence to the IS Security are proposed by the Application Owner, the risk assessment process is completed, and appropriate recommendations are put up to Management.

4. To define security violations and support investigative processes.

5. To brief Top Management on information security initiatives undertaken, information security status across the Company, compliance against Company's Information Security Policies and regulatory requirements.

6. To direct Information Security Incident Response Management.

7. To oversee the development of Information Security Awareness training programmes and promote security culture in the Company.

8. To stay informed about global best practices and latest developments in the field of information security including technology, management practices and regulatory requirements.

9. To represent the Company in the area of information security at Group Information Security committee, technical & security committee, and regulatory bodies.