Job Views: 892
Applications: 36
Recruiter Actions: 3

Posted in: IT & Systems

Job Code: 772942

Manager/Deputy Manager - Information Security & Fraud Risk - BFSI

4 - 10 Years. Gurgaon/Gurugram
Posted 4 years ago

Manager / Deputy Manager - Information Security & Fraud Risk


Role Purpose :


- The primary function of this role is to assist in the design of Information Security, Business Continuity and anti-fraud controls and to maintain oversight of them, providing assurance on the Information Security, Business Continuity and anti-fraud framework implemented within the organization, in line with business requirements and prevailing regulatory directions.


- The role also requires the individual to interact across various departments, including Sales, Operations, IT, Facilities & Admin, Finance, etc., help facilitate key practical solutions pertaining to the domain areas listed above, and ensure that all relevant risks are identified and appropriately addressed in line with the Company's risk appetite.

Principal Accountabilities :

- Review & assessment of security logs for applicable devices during any security breach

- Ensure security related controls are documented as a part of functional RCA framework and the same is periodically assessed in conjunction with first line of defense

- Assist in maintenance and improvement of security & fraud risk framework in the Company

- Maintain requisite oversight & validate controls being tested as a part of risk control assessment program for all IT, CRE & Admin functions/ processes to ensure necessary preventive & detective controls embedded into these processes are periodically assessed and tested for effectiveness

- Assist in maintaining a framework pertaining to identification of critical information assets, conducting a risk assessment to ensure that controls deployed are commensurate with the risk observed.

- Conduct IS, BCP risk reviews for key outsourced vendors, perform due diligence reviews from an IS, BCP perspective, identify issues, recommend remediation strategies and monitor closure while working in collaboration with respective functions

- Liaise with business to ensure Information Security, Business Continuity & anti-fraud related controls are embedded as a part of all RFQs involving exchange of customer, employee or business-sensitive information

- Assist in maintaining a robust BCP/DR framework for the organization and continuously monitor and improve the same

- Support/oversight during regular BCM exercises, including IT DR tests, tabletop exercises with key stakeholders, call tree tests and regular plan walkthroughs; formulate test calendars, etc.

- Maintenance of fraud MIS and documentation of investigation report

- Robust controls in place to ensure security of customer sensitive information and other Company proprietary information

- Necessary controls implemented towards early detection of any systems incident, Information security breach

- BRP plans, crisis management plans, test reports documented and maintained

Customers / Stakeholders :

- Ensure all function owners are aware of the requirements mandated as a part of the Security & fraud risk framework and that the same is embedded in their processes

- Security & fraud related controls are implemented in line with the risk appetite of the Company

- Ensuring all risks with respect to Information Security & fraud risk are identified and appropriately mitigated and exposure is not unreasonable and outside the risk appetite of the Company

Leadership & Teamwork :


- Participates in, contributes to and guides other team members in projects where consideration of IT risk, IS, BCP & anti-fraud related controls is relevant, such as outsourcing, online e-commerce initiatives, new office infrastructure setup and other IT initiatives, including system integration initiatives with banks, etc.

- Assists business and other teams on key requirements to ensure security controls are implemented in line with Company policies

Operational Effectiveness & Control :

- Ensure controls recommended/ deployed are commensurate with the level of risk

- Regular testing of BRP and DR plans, easy to understand BCM test and other IS risk review reports that highlight the material issues for management attention and action

- Annual calendar of IS reviews, BCM activities and its ongoing compliance

- Information asset register & risk assessment for critical assets for each department

- Security & fraud risk assessment for designated functions & vendors
