Director - Infosec - IT Governance.
Position Summary :
- Responsible for leading the Information Security and IT Governance function and initiatives for the South Asia region and the Global Outsourcing business group (GO), inclusive of information security, data privacy, and associated control frameworks and compliance obligations (contractual, regulatory, and internal company), customer risk assessments, AT101/SOC audits, ISO 27001 Certification, ITGCs for SOX and statutory audits, and PCI.
- Collaboratively develops policies, procedures, technical standards, methods, and education programs related to information security and data privacy.
- Oversees the strategic relationship within the region between the information security function and associated IT operational and development functions, as well as business operations and corporate groups (HR, Legal and EHS, in particular).
- Maintains the organization's awareness of both technical control solutions as well as regulatory and policy developments in information security and data privacy.
- Facilitates the formulation of long- and short-range plans for the acquisition and implementation of new solutions and techniques for data protection appropriate for the associated region.
- Responsible for direct oversight of staff and consultants supporting the IT Governance function for the region as well as a team dedicated to supporting global IT Governance functions.
- Maintains oversight of data privacy function within region through indirect oversight of activities by regional staff with related responsibilities. Reports directly to the CISO and will work closely with the Vice President of IT for Global Outsourcing.
- Manage the mission and operational priorities of the South Asia IT Governance team.
- Translate objectives into short-term assignments, processes and measures. Communicate what is to be accomplished and coordinate/integrate activities to achieve overall achievement of goals.
- Develop short-term department and individual associate goals and review progress.
- Function as a subject matter expert and utilize expertise to incorporate, understand, and blend the functions of other areas to make decisions and recommendations.
- Develop and manage the South Asia information security strategy and associated strategies for risk mitigation; liaise with other enterprise and regional security and governance teams, compliance teams, application and operations teams to ensure strategy is aligned with global business needs and risk considerations.
- Manage associated project portfolio to support the implementation of the information security strategy within the South Asia region.
- Lead, facilitate and participate in the design of architectures and the evaluations/implementations of technical solutions within the South Asia region.
- Oversee the ongoing maintenance of ISO 27001 certification for the Global Outsourcing business.
- Develop associated regional policies / procedures / standards to support the information security strategy.
- Manage the regional IT Governance team; define staffing, training and development requirements based on business needs and budget. Advance the development of staff by creating an environment conducive to internal, external, cross and on-the-job training.
- Lead the threat analytics, vulnerability testing and remediation programs for the region and 3rd party services contracted by within the region or by the Global Outsourcing business.
- Lead the region's Security Incident Response Process.
- Assist the CISO in preparation of executive and management reports related to cyber and internal information security risks, events, and actions.
- Maintain a strong understanding of the Global Outsourcing business, and the business process outsourcing market in general, and the unique information security requirements of the business, its customers and the markets in which it operates.
- Translate and ensure implementation of the information security requirements of the Global Outsourcing business and its customers for the operational (business and IT) teams through collaborative efforts to ensure security remains a market differentiator.
- Performs other related duties and participates in special projects as assigned.
Required Skills :
- The duties and responsibilities described above are the essential functions of the job. The qualifications below are representative of the knowledge, skills, and/or abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Bachelor's degree in computer science, engineering or related discipline with 10-15 years specific experience in information security and 6-8 years of direct management of staff OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience.
- Current CISSP or comparable certification is required. Demonstrable practical experience in security incident handling is necessary and certification is highly desired. Experience implementing and maintaining security control frameworks such as PCI, ISO 27001, NIST, CSF, BITS, AT101/SSAE16 is highly desired.
- Able to consistently contribute effort, leadership, and creative thinking to solving complex and significant problems in a collaborative fashion.
- Must be able to demonstrate an ability to work concurrently on multiple complex and often ambiguous problems. Ability to motivate, lead and direct activities of staff who often report directly through other organizational lines of management.
- Requires excellent communication skills with all levels of audience.
- Able to communicate complex concepts, problems and solutions clearly and effectively within the organization. Able to structure messages in keeping with listener's experience, background and expectations.
- Able to adapt communication style and use terms, examples, and analogies that are meaningful to the listener.
- Able to communicate in an effective and approachable style that engages others and builds credibility. Able to provide rationale when delivering complex or challenging information.
- Able to determine the most appropriate medium when conveying information to large groups or to reinforce a message.
- Able to understand the impact of communications on the organization or customer, including any legal/regulatory implications.
- Should be able to effectively manage Information Security Risk relating to Cloud Platforms, SaaS, Mobile technology, Robotic Process Automation, AI/ML.
- Should be able to deliver Data Privacy regulatory requirements such as GDPR for the organization.
Salary: Not Disclosed by Recruiter
Industry: IT-Software, Software Services
Functional Area: Top Management
Employment Type: Permanent Job, Full Time
UG: Any Graduate - Any Specialization
PG:Any Postgraduate - Any Specialization
Doctorate:Doctorate Not Required
18 - 25 yrs Chennai, Delhi NCR
Keyskills: risk compliance, It Compliance, risk control, technology risk, it risk
Pinnacle Search Services
10 - 18 yrs Mumbai
Keyskills: IT Audit, IT Risk Management, Cyber Security, IT Controls...
15 - 25 yrs Bengaluru
Keyskills: IT Services Sales, Cyber Security, IT Risk Management, Practice Head...
Value C Consulting Services Private Limited
10 - 20 yrs Bengaluru, Hyderabad, Pun...
Keyskills: Cyber Security, CISSP
Amagi Media Labs Pvt Ltd.
10 - 20 yrs Bengaluru
Keyskills: risk management, Risk Assessment, compliance, Strategic Technology Planning...
MatchMove India Pvt. Ltd.
10 - 15 yrs Bengaluru
Keyskills: iso 27001, Cloud Security, endpoint security, data loss prevention...
Hector and Streak Consulting Pvt Ltd
9 - 14 yrs Mumbai
Keyskills: Cyber Security, Networking, Information Security, Business Continuity...