Group Chief Information Security Officer

ABG Group Chief Information Security Officer (GCISO) will be based out of the Group Corporate Office i.e ABMCPL (Aditya Birla Management Corporation Limited) and will lead and oversee the information security strategy and operations of our diversified conglomerate across 36 countries. The GCISO is responsible for ensuring the confidentiality, integrity and availability of our data, systems and assets, as well as managing the security risks and compliance requirements of our diverse businesses.

The GCISO reports directly to the Group CIO and is a key member of IT and Digital leadership team of ABG. The GCISO works closely with the business unit leaders, IT heads, legal and regulatory teams, and external stakeholders to align the information security vision and objectives with the group's overall strategy and goals.

Responsibilities:

- Define and implement the group-wide information security framework, policies, standards, guidelines and best practices, in alignment with the industry benchmarks and regulatory requirements.
- Establish and maintain the information security governance structure, including the roles, responsibilities, committees, processes and metrics to measure and monitor the effectiveness and performance of the information security program.
- Develop and execute the information security roadmap, budget and resource allocation, and prioritize the initiatives and projects based on the risk assessment and business impact analysis.
- Lead and manage the information security team, including hiring, training, mentoring and evaluating the staff, and ensuring their professional development and career growth. The current team size is 10 FTEs.
- Oversee the information security operations, including the identification, prevention, detection, response and recovery from cyber threats and incidents, and the implementation and maintenance of the security tools and technologies: Endpoints, Perimeter, Monitoring, Attack Surface Monitoring, Brand protection, Security Orchestration system, Threat Intelligence, etc.
- Coordinate and collaborate with the business units, IT teams, internal audit, legal and compliance, and external partners and vendors to ensure the integration and alignment of the information security policies and controls across the group. Group CISO also chairs the group CISO council and directs all the business CISOs.
- Promote and foster the information security awareness and culture among the employees, customers, suppliers and other stakeholders, and provide regular communication and reporting on the information security status, issues and trends.
- Stay abreast of the latest information security developments, trends, threats, vulnerabilities, best practices and standards, and provide strategic guidance and recommendations to the senior management and the board.

Qualifications: A bachelor's degree or higher in computer science, information technology, information security, or related field, and relevant professional certifications such as CISSP, CISM, CISA, CRISC, etc

Required Skills:

- At least 20 years of progressive experience in information security, risk management, IT governance, or related domains, preferably in a diversified conglomerate or a large multinational organization
- Proven track record of designing, implementing and managing a comprehensive and effective information security program, and delivering successful outcomes and value to the business
- Strong leadership, communication, presentation and interpersonal skills, and the ability to influence and collaborate with senior executives, peers, staff and external parties
- Strategic, visionary> and innovative mindset, and the ability to balance the big picture and the details, and the risks and the opportunities
- Sound knowledge and understanding of the information security principles, practices, standards, frameworks, regulations and laws, and their applicability and implications to different business sectors and geographies

---