
Chief Information Security Officer

Mumbai

Date posted: 09/07/2024

Department

Information Security

Qualification

  • Graduation in EC or CS or IT or Information Security or Cyber Security or MCA or
  • Degree in Mathematical or Physical sciences or
  • Other Graduations
    Mandatory certifications: CISA/CISSP
    Nice to have certifications: OSCP/OSCE/CEH/LPT/CCNA/ISO 27001 LA/LI/ITIL

Experience

Relevant Experience: 6 – 8 years

Domain Knowledge Competencies

Key Competencies

  • Sound knowledge of Information Security
  • Knowledge of security tools and methodologies
  • Good command of both written and spoken English

Behavioral Competencies

  • Team spirit
  • Strong analytical skills and logical reasoning
  • Good oral and written communication skills in English

Key Accountabilities

  • To ensure Information Security is coordinated consistently across the company
    and to measure, monitor and report to the Board the efficiency and effectiveness
    of the Information Security Management Systems (ISMS).
  • To conduct risk assessments and security reviews for new products and
    initiatives, to provide security clearance and project sign-off in all stages
    of the SDLC to ensure Confidentiality, Integrity and Availability of
    confidential data.
  • To ensure that security reviews are conducted to evaluate the adequacy and
    effectiveness of technical security control measures, especially after each
    significant change to the IT applications/systems/networks/cloud solutions/etc.
    as well as after any major incident.
  • To manage external IT Audits, monitor and ensure closure of observations as per
    timelines for Vulnerability Assessments, Penetration Testing, Network, Web
    Applications, Mobile Applications, Secure Network & Firewall Access Reviews,
    Secure Configuration review, etc.
  • To develop and review cyber security KRIs and KPIs periodically.
  • To evaluate and implement Information Security Services, solutions, products,
    features, etc., and handle the procurement.
  • To ensure compliance with IS policies, standards, procedures and requirements of
    Regulators and other law enforcement agencies relating to cyber security, e.g.,
    SBI, CERT-In, SEBI, etc., and remain abreast of emerging trends and best practices
    in the industry.
  • To review and analyze risks inherent in technology operations underlying the
    business.
  • To ensure security controls are maintained in all Third Party products and
    co-ordinate with security vendors, suppliers, service providers and external
    resources for improving security.
  • To review and approve all Change Management and New Products rules, access
    permissions (Firewall Access Rules, Logical/Physical, USB, Internet, VPN, etc.).
  • To manage and monitor SOC operations and drive cyber security related projects.
  • To manage and oversee information security incident management process for
    incident reporting, containment, resolution and root cause analysis as part of
    computer incident response team (CIRT).
  • To report and create dashboards on the information security compliance and
    conduct periodic review meetings with top management / IT teams and various
    stakeholders relating to monitoring, incidents, critical changes in environment,
    audit results and status of corrective actions.
  • Conduct Information Security awareness / training programs and Phishing
    simulations for the employees as part of their induction and regular awareness.

Essential

Nature of Business

  • Dealing in Investment Banking, Corporate advisory services, Trustee services, Equities & Commodities Broking, Retail Assets and Distribution of Financial Product
