Roles and Responsibilities
The position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
Strategic Support and Management
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality, and availability of information that is owned, controlled, or processed by the organization.
- Develop, maintain, and publish up-to-date information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
- Create, communicate, and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers.
- Develop and manage information security budgets and monitor them for variances.
- Create and manage information security and risk management awareness training programs for all employees, contractors, and approved system users.
- Create a framework for roles and responsibilities regarding information ownership, classification, accountability, and protection.
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company’s reputation.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
Security Liaison
- Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required.
- Manage security issues and incidents, and participate in problem and change management forums. Ensure timely reporting of, and adequate participation in the investigation of, ICT security incidents.
- Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
- Work with the IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
Architecture Support
- Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Work with the enterprise architecture team to ensure that there is a convergence of business, technical, and security requirements; liaise with IT management to align the existing technical installed base and skills with future architectural requirements.
Skills and Qualifications
- A minimum of eight years of IT experience, with five years in an information security role and at least two years in a supervisory capacity.
- A bachelor’s degree in technology/information systems (B.Tech) or equivalent.