Title : Head IT Security and Governance
Experience : 14+ Years
Qualifications : BE or MCA
Preferred : MBA from recognized institutions.
Certifications : Appropriate certifications (CISM, CISSP, CISA, and CGEIT) would be an advantage.
Location : Bangalore
- This position reports to the Group CIO and has a dual responsibility.
- This position is responsible for implementing and monitoring the Information Security Program across the group.
- Provides training and enforcement in the area of corporate information security policies, standards, and procedures including regulatory requirements.
- Assists business units, functions, and/or technology managers with risk assessments on systems/applications.
- Assists the business units with the investigation, resolution, and documentation of information security incidents.
- Helps assess risk and recommend systemic solutions to information security problems.
- This position takes a lead role in the establishment and management of information technology infrastructure and processes.
- Develop, maintain, and publish corporate information technology policies, standards, processes, and guidelines; design and implement programs for end-user awareness and compliance monitoring; ensure the appropriate information technology infrastructure and related service delivery are in place and properly maintained; develop, maintain, communicate, and ensure compliance with Information Services policies, processes, and guidelines consistent with industry best-practice standard frameworks.
- Manage the development and implementation of global information security policy, standards, guidelines and procedures.
- Oversee incident response planning as well as the investigation of information security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
- Work with outside consultants as appropriate for independent information security audits.
- Develop and administer security awareness programs, methods and communication to employees at all levels.
- Monitor security-related audit/regulatory findings within business units/functions and assist with remediation as necessary.
- Conduct research, develop and defend positions, and document findings in white papers that will stand up to regulatory scrutiny on all aspects of information protection.
- Sustain ISO 27001 processes and ensure certification in more areas.
- Optimize compliance and service level reporting processes through the IT infrastructure while ensuring business efficiency.
- Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate information security-related concepts to a broad range of technical and non-technical staff.
- Should have experience with business continuity planning, auditing, and risk management.
- Must have a solid understanding of information technology and information security.
- Experience: 14 or more years of related professional experience in a complex, dynamic business and technology environment including five years at a senior management level.