Hyderabad, TS, India

Chief Information Security Officer

Job Description:

A. Job Profile

The Head of Information Security is a critical member of the CEO's leadership team. This role must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting.

This leadership role requires an individual with a strong technical background, as well as an ability to work with the IT organization and business management to align priorities and plans with key business objectives. A key imperative of this role is to strike a balance of real-world risks with business drivers such as speed, agility, flexibility and performance.

Responsibilities

The job role is composed of the following set of activities:

Strategic

  • Work with the CEO and other stakeholders to develop a security program and security projects that address identified risks and business security requirements.
  • Define metrics and reporting strategies that effectively communicate successes and progress of the security program.
  • Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as provide a realistic overview of risks and threats in the enterprise environment.
  • Evaluate and establish a Security Operations Center (SOC) as appropriate and plan for it to deliver sustained value to the organization.
  • Develop budget projections based on short- and long-term goals and objectives.
  • Monitor and report on compliance with security policies, as well as the enforcement of policies within the departments.
  • Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
  • Establish and help sustain information security governance to improve the Information Security posture of the organization.
  • Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.

Security Liaison

  • Assist business owners and IT staff in understanding and responding to security audit failures reported by auditors.
  • Provide security communication, awareness and training for audiences across the organization.
  • Work as a liaison with vendors and the internal departments to establish appropriate contracts and service-level agreements.
  • Manage production issues and incidents, and participate in problem and change management forums.
  • Provide support and guidance for legal and regulatory compliance efforts, including audit support.

Architecture/Engineering Support

  • Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
  • Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
  • Work within the Digital Transformation team and the business functions to ensure that there is a convergence of business, technical and security requirements.
  • Implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.

Operational Support

  • Coordinate, measure and report on the technical aspects of security management.
  • Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
  • Manage and coordinate operational components of incident management, including detection, response and reporting.
  • Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
  • Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
  • Manage security projects and provide expert guidance on security matters for all important initiatives taken by the company.
  • Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.
  • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and follow policies and audit requirements.
  • Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.

Initial Envisaged Roadmap for the leader

  • Streamline the Information Security related processes in the organization and improve its Information Security posture. The leader will be expected to set up a 24x7 Security Operations Center (SOC) to bring in best-in-class infrastructure and solutions to assess vulnerabilities and prevent, detect, protect and predict any potential cyber threats.
  • Create focus on Risk Management, Business Continuity Planning and Scenario Planning and Analysis.
  • Have an Enterprise Risk Management strategy formulated and implemented.
  • Build the right skills for risk analysis & mitigation and cyber-security testing.

B. Eligibility Criteria
  • Nationality: Indian Nationals/Citizens only

Requirements and Qualifications

  • A minimum of 15 years of IT experience, with at least 10 years in an information security role and at least 5 years in a supervisory capacity.
  • A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.

The individual must have the following:

  • Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x.
  • Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
  • Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
  • Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
  • Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
  • An understanding of operating system internals and network protocols.
  • Familiarity with the principles of cryptography and cryptanalysis.
  • Experience in application technology security testing (white box, black box, code review, Simian Testing, etc.).
  • Experience in system technology security testing (vulnerability scanning and penetration testing).