Information Security Officer - BFS

Responsibilities:

1. Develop and Implement Information Security Strategy:

- Develop and execute a comprehensive information security strategy aligned with business objectives.

- Oversee the establishment, communication, and maintenance of information security policies and procedures.

2. Risk Management:

- Identify, assess, and prioritize security risks and vulnerabilities.

- Implement risk management programs to ensure the confidentiality, integrity, and availability of information assets.

3. Security Governance:

- Provide leadership and direction for the information security function.

- Collaborate with executive management and department heads to align security initiatives with organizational goals.

4. Compliance and Regulatory Oversight:

- Ensure compliance with relevant laws, regulations, and industry standards.

- Stay abreast of changes in cybersecurity laws and regulations, adjusting policies and procedures accordingly.

5. Incident Response and Management:

- Develop and implement an incident response plan to address security incidents promptly and effectively.

- Coordinate with relevant stakeholders during security incidents, investigations, and forensic activities.

6. Security Awareness and Training:

- Establish a comprehensive security awareness program for employees.

- Provide training and guidance on security best practices.

7. Security Technology Evaluation and Implementation:

- Evaluate and recommend security technologies, tools, and services.

- Oversee the implementation and maintenance of security solutions.

8. Vendor Security Management:

- Assess and manage the security posture of third-party vendors.

- Ensure that contracts with vendors include appropriate security requirements.

9. Security Metrics and Reporting:

- Develop and maintain key security metrics to measure the effectiveness of the security program.

- Provide regular reports to executive management and other stakeholders.

10. Collaboration and Communication:

- Foster a culture of collaboration between IT, risk management, compliance and business units.

- Communicate effectively with internal and external stakeholders on security-related matters.

Qualifications:

- Bachelor & degree in Information Security, Computer Science, or a related field. Master & degree preferred.

- 10+ years of proven experience at the highest level of information security management with 3+ years on leadership roles.

- Relevant certifications such as CISSP, CISM, or CISA.

- In-depth knowledge of security frameworks, standards, and best practices (ISO 27001, NIST, etc.).

- Proven leadership, problem-solving, and critical thinking abilities

- Proven ability/experience to establish and implement information security policies and procedures

- Strong understanding of risk management, compliance, and governance.

- Experience with IT security risk assessment and mitigation

- Excellent communication and interpersonal skills.

- Ability to lead and inspire a team of cybersecurity professionals.

- Demonstrated experience in incident response and crisis management.

We encourage applications from candidates having background and experiences working for large Bank / NBFC / Financial Institutes / Financial Services.