This is part of Infosec team responsible for Information Security Management System and to protect organization information assets against internal and external threat.

Key Responsibilities :

- To work closely with CISO to plan and establish organization-wide Information security Management System (ISMS) in accordance with ISO/IEC 27001 Standard, NIST, IRDAI and other relevant security standards.

- Continuously measure and publish information security metrics dashboards and other key performance indicators.

- To review and finetune security solutions deployed in organization

- To review IT architecture from security aspects and provide recommendations.

- To review and update information and cyber security policy, procedures to support organization information security program.

- To work closely with IT and other functional teams and monitor implementation of information security initiatives, projects, and controls for new or identified deficiencies.

- To lead and manage Cyber Incidents investigation for organization.

- To participate in POC of security solutions.

- To review cloud security controls and provide suggestions for improvements.

- To conduct and lead information security risk assessment on an ongoing basis and report any significant risks to ISC

- To Manage VAPT/config audit for IT Infra and applications and ensure vulnerabilities are fixed within regulatory timelines

- To conduct security assessment for new vendors during onboarding and ongoing basis to ensure information and cybersecurity is not compromised

- To manage and maintain BCP/DR including conducting annual drills

- To manage information security awareness for employees and vendor users.

- To plan and conduct annual internal IT infosec review/annual audit as per IRDAI checklist

Education/Experience :

- Preferred MBA with Engineering Background/CA, InfoSec certification like CISSP, CEH, CCNA Security, ITIL, CISM, ISO 27001, CRISC

- 4 to 8 years of experience.