Posted on: 04/09/2025
Position Title : AVP - Information Security Governance & Compliance
Role : Managing Information Security Governance, Risk & Compliance, and Awareness Activities.
Reporting To : VP Information Security Governance & Compliance
Key Responsibilities :
To manage :
- Compliance with Guidelines on Information and Cyber Security for Insurers issued by the Insurance regulator, IRDAI.
- Compliance with other guidelines related to Information Security/Data Security/Cyber Security/Information Security Management System (ISMS), issued by the Insurance regulator and/or any other regulator.
- Compliance with information security requirements of Government of India bodies such as CERT-In, MeitY, etc.
- Compliance with information security policies, standards, procedures and guidelines.
- Compliance with Bank Group information security requirements, as advised by Group CISO.
- Development, review and updating of Policy, Standards & Procedures, SOPs and all other documents related to Information & Cyber Security.
- Sustenance of ISO 27001:2022 certification and practices for all types of controls.
- Implementation & maintenance of IT / Cyber GRC solution to streamline and automate Cyber security processes.
- Security risk assessments for general controls like process reviews, assessment at outsourced vendor locations, branch locations etc.
- Security risk assessments for new technologies & processes or any change to existing technology & processes.
- Drive the Cyber Security Maturity Assessment program, coordinating with stakeholders to review the existing processes and implement recommended measures to improve the maturity score.
- Development & management of the Information Security awareness training program and promotion of security culture across the organization at all levels, including special programs for IT department and Information Security department employees.
- Evaluation of new security products and monitor implementation of security software/products.
- Assist / Support for Vendor/Third Party risk management for information & cyber security.
- To work closely with various teams and functions to ensure effective implementation of Information & Cyber Security controls.
- To plan & prepare for governance committee meetings, minutes and actionables in a timely manner, including Group meetings & Internal meetings.
- To oversee governance of SOC activities, ensure review of SOC effectiveness program and implementation of recommended measures.
- To prepare and present compliance/assessment / review reports / Cyber KRI to management.
- To track closure / mitigation of reported vulnerabilities and prepare Dashboards and Action Taken Reports of various security assessments/reviews for different IT & Business teams.
- To ensure that when exceptions/deviations / non-adherence to the Information Security Policies are proposed by the IT Owner/Business Owner, the risk assessment process is completed and appropriate recommendations are put up to senior management.
- To stay informed about global best practices and latest developments in the field of information security including technology and management practices.
Critical competencies :
- Knowledge in the areas of Information Security/ IT Governance, Risk, Compliance.
- Coordination, Follow-up, Persuasive.
Person Profile :
- Engineering Graduate/Management Graduate with ISO 27001 LA and having minimum 12 years of total experience, out of which minimum 7 years in the areas of Information Security/IT Security/ IT Governance, Risk & Compliance.
- Preference will be given to candidates having professional certifications of CISA/CISSP/CISM/CRISC and having knowledge as well as job experience in Cyber GRC implementation/management.
Posted in: CyberSecurity
Functional Area: IT Security
Job Code: 1541039