VP – IT Risk – CISO

From 15 to 25 year(s) of experience
₹ 45,00,000 - 65,00,000 P.A.

Job Description

Roles and Responsibilities

Organizational strategic decision-making, system implementations, and the adoption of new processes and procedures improving the security, robustness of organizations infrastructure, IT projects and associated systems. Overseeing the teams that are working to identify and safeguard organization from all known and developing security threats, security weaknesses, software bugs and exploits. Overall responsibility for both the staff and management processes that keep the organization secure from the ever-present threats that an insecure and dangerous world creates. Ultimately responsible for overseeing organizations current Data, IT, Tools and Technology, Open-Source Usage, Community Edition Software Usage, External Integration Risks and Information Security and any new software or hardware modifications impacting upon overall data security.


Key Responsibilities

o Knowledge of IRDAI standards & audit terminologies.

o Ensure compliance with any related legislation, such as the Data Protection Act, ISO standards or relevant government regulations.

o Accountable w.r.t vulnerability assessment, firewall settings, WAF, security settings across tech stack, hardening and patching compliances and other Information Security Activities

o Review and ensure the completeness, accuracy of the checklist of minimum baseline definition for Servers, storage, OS, Middleware technologies and databases in coordinate with OEM and SI partners for any new tools and technology considering all aspects of security.

o Work with OEM and SI partners to ensure enforcement and validation during implementation and on-going.

o Manage all IT security projects implementation.

o Handle license compliance and handle IT Security Audits and IT License Audits

o Manage incidents related to information security.

o Develop, manage, implement information security programs in the organization.

o Manage risks and ensure compliance to information security policies.

o Define IT risks and determine risk response options and evaluate their efficiency and effectiveness to manage risks.

o Define IT security standards and measure adherence.

o Preparing, review, updating, evidence management of all IT security related policies and procedure.

o Preparing and review of IT security, tracking, governance, evidence.

o Definition, Scoping, Creation and execution of IT and Data Security strategies enhancing the reliability and security of the IT systems, projects, and underlying data.

o Overseeing managers and teams that you are responsible for, allocating resources to ensure that staff deliver secure and robust IT solutions to the organizations identified and agreed requirements.

o Overseeing planning and execution of necessary vulnerability audits, penetration testing or forensic IT audits and investigations. Ensure that outputs improve organizational IT Security.

o Best Practices in conducting the 3rd party vendor audit on Data and Information Security.

o Coordinate and facing the Information security audit-External and internal.

o Closure of all IT security audit observation-Internal and external.

o IT Security Awareness Programs.

o Oversee staff training in all the latest security awareness skills, check associated protocols, methodologies and procedures are implemented with DC team.

o Coordination with PIM team for the user access management.

o Coordination and follow up with other department for the closure of all IT security audit observation.

o Assistance in managing information security incident response.

o Exception management, evidence governance of day-to-day coordination for the IT Security activities

o Best Practices implementation for User Access Review for all application

o Create Policy & Process documents.

o Follow up with team for completion and weekly reports.

o Prepare InfoSec presentations

o Strong Vendor co-ordination and evidence management.

o Good understanding around ISO 27001

o CISM / CRISC certification will be added advantage.

o Strong Inter-personal skills - ability to communicate clearly at all levels.

o Good knowledge of IT Infrastructure and design.



Desired Candidate Profile

  • ISO 27001 Implementation & Certification
  • Audit planning & handling of auditors
  • Experience with multiple technology domains including aspects of Windows, Unix and/or database administration, software development and networking.
  • Certification audit preparation
  • Preparation of Audit findings Report
  • Presenting the internal audit finding to the higher management.
  • Part of internal IT team managing IT governance, evidence management, audit.
  • Track effective closure of audit observations and making same part of IT DNA.
  • Handled audit firms with complete end to end IT audits.
  • IT Policy and Procedure handling
  • Documentation with ISO standard & general IT controls
  • Worked on Information Security Governance aspects
  • User access review
  • Change management process handling.
  • Risk assessment
  • Data breach incident handling
  • Network testing
  • Relevant experience in a variety of IT Security related roles, with in-depth knowledge will effectively manage any and all aspects of the IT, Data and Information Security
  • In depth project management skills
  • Good understanding of all current legislation and regulations pertaining to organization.
  • Successful track record of effective coordination, prioritization, collaboration, organisation and project delivery
  • Experience in financial forecasting and budget allocation
  • An overall understanding of the scripting and programming languages, that your teams will be using.
  • Practical experience of computer operating systems such as MS Windows, UNIX/Linux
  • Deep thinking analytical mind with the ability to quickly get to the root cause of issues.
  • A good leader and Outstanding written and verbal communication skills



Role:Other

Salary: 45,00,000 - 65,00,000 P.A.

Industry:Insurance

Functional Area:Other

Role Category:Other

Employment Type:Full Time, Permanent

Education

UG:B.Tech/B.E. in Any Specialization

Company Profile

VRS Advisory Services

To Be Disclosed Later
Company Info
X
View Contact Details+

Recruiter Name:Rishi Raman

Contact Company:VRS Advisory Services

Telephone:+91-9871303233

Website:https://ripplesindia.co.in