Reporting Structure

Reports to AVP – Security engineering

Education

University degree in the field of computer science or IT.

Experience/ Qualifications

·         A minimum of 6 years of IT experience with at least 3 years in working with GRC programs

·         Structured project management experience in deploying security-related initiatives

·         Excellent project management skills as well as excellent oral and written communication skills

• Knowledgeable about governance, risk and compliance systems and how to design a GRC frame work
• Experience of process, risk and controls is a must

Industry

Financial Domain (Banking / NBFC experience is desirable)

Responsibilities

·         Define, implement, and enforce information security policies

·         Establish an information security risk management strategy, process, and program

• Establish and oversee a formal vulnerability and testing program  

·         Assist in governing/overseeing the information security program and plan  

·         Ensure that controls are adequate to meet legal, regulatory, policy, standards, and security requirements (ISO, RBI, PCI etc.)

·         Conduct audits

·         Communicate with and report to (as required) all internal and external stakeholders

·         Identify and involve relevant stakeholders (internal and external)

·         Review the status of the information security program with higher level managers / stakeholders

·         Work to enhance security awareness through the organization

         · Connect with sources who help update on current industry trends and security challenges

Certifications

• CISM
• CRISC/CGEIT
• PMI-RMP
• ITIL
• CRMA
• CISSP