Information Security Officer

Job Overview :

The Information Security Officer (ISO) will be responsible for leading the company's information security program and ensuring the confidentiality, integrity, and availability of the company's information assets.

The ISO will report directly to the Head Digital Transformation and work closely with the executive team to develop and implement security strategies that align with the company's overall business objectives.

Responsibilities :

- Develop and implement a comprehensive information security strategy, policies, and guidelines in accordance with the Cyber Security Guidelines issued by CEA and NCIIPC to protect the organization's information assets including IT & OT.

- Oversee the design, implementation, and maintenance of the company's information security architecture.

- Conduct regular risk assessments and vulnerability scans to identify potential security threats and vulnerabilities and develop mitigation strategies.

- Develop and implement the company's Cyber crisis management Plan, Critical information infrastructure protection plan, incident response plan and disaster recovery plans.

- Develop and maintain a security awareness and training program for employees, security team and other stakeholders.

- Ensure compliance with all regulatory and legal requirements related to information security, including CEA's Cyber Security Guidelines, NCIIPC guidelines, ISO standards and data privacy and protection laws (DPDPA Act).

- Establish and maintain strong working relationships with internal and external stakeholders, including regulatory bodies, auditors, and external security vendors and service providers.

- Manage and oversee the security operations team, including the security operations centre (SOC), security analysts, and security engineers.

- Develop and maintain metrics and reports to monitor the organization's information security posture and communicate security-related information to senior management and the board of directors.

- Identify, mitigate and monitor information security risks to the company's operations, assets, and reputation and accordingly implement improvement initiatives.

- Manage the company's information security budget and ensure that resources are allocated effectively.

Qualifications :

- Bachelors or Master's degree in Computer Science, Information Technology, or a related field.

- Preferred to have professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Ethical Hacker (CEH).

- 7+ years of experience in information security, with at least 2 years in a leadership role.

- Experience in developing and implementing information security strategies, policies, and guidelines in accordance with regulatory requirements and industry best practices, including Cyber Crisis Management Plan (CCMP), Vulnerability Assessment & Penetration Testing (VAPT) and procedure for identification of Critical Information Infrastructure (CII), to deal with Cyber crises, contingencies and disasters, attack on IT & OT systems etc.

- In-depth knowledge of the power sector's cyber security guidelines, including CEA's Cyber Security Guidelines and NCIIPC guidelines.

- Experience in common information security management frameworks, such as ISO/IEC 27001, and NIST including cyber security standards for operational technology (OT) such as ISA/IEC 62443, and ISO/IEC 27019.

- Strong communication and leadership skills, with the ability to effectively manage a team and communicate complex information to non-technical stakeholders.

- Experience in managing information security audits, reviews, log analysis and coordinating responses with internal and external stakeholders.

- Familiarity with relevant regulatory and legal requirements related to information security, including IT Act, data privacy, protection laws and associated Rules.

- Strong analytical and problem-solving skills, with the ability to identify and mitigate potential security threats and vulnerabilities.

- Experience with Renewable Energy (Solar, Wind, Hybrid) Operational and IT infrastructure and its security management.

Location : This position is based in the company's headquarters in Hyderabad, India. (Other option available is Pune)