Governance & Risk Compliance

**10 - 12 years**:
**Bachelor of Computer Applications - Computers**:
**Risk
- Compliance
- Cyber Security**:
**29 ~ 30 LPA**:
**POSITION DETAILS**

**Position Title/Functional Designation**

**General Manager _ Governance & Risk Compliance (Information Security)**

**Company**

**Poonawalla Fincorp Limited**

**Division / Department**

**Risk - Information Security**

**Principal Accountabilities**
- **Establishing cyber security and business continuity programmes for uplifting the cyber resilience and incident response for PFL in compliance to Information Security and Cybersecurity Policy, Common Security Standards, Technical Security Standards and CISO Directives.**
- **Responsible for reporting to PFL Management and IT Risk Committee the critical cyber security threats and vulnerabilities that PFL is exposed to, ensuring emerging cyber threats and the bank’s preparedness in response to these threats are reported and discussed in the PFL IT Risk Committee.**
- **Be the focal person for PFL regulator RBI, be able to communicate accurately and effectively the bank’s security posture and regulatory compliance status. Be the point of contact and interact regularly with regulatory agencies PFL Computer Emergency Response Team (CERT-In).**
- **Responsible for reporting any information security incidents to CERT-In.**
- **Responsible for driving the compliance of RBI’s Cyber Security Framework and all current and future advisory notes received from the regulator.**
- **Evaluating the resources requirement and ensuring information security resources are adequate and proportionate to the inherent business risk of PFL operations, taking into considerations of business volume, distribution channels, technology footprint and complexity.**
- **Being the information security and cyber policy owner, responsible for development of (but not limited to) PFL Information Security and Cyber Security Policy, Data Governance and Classification Policy, Access Control Policy, Acceptable use of assets and asset management policy.**
- **Keep abreast of country specific cyber threats through maintaining close work relationship with regulatory agencies CERT-In, attend RBI’s cyber events, mandatory trainings and participate in CISO Forum coordinated by IDRBT / RBI if required.**
- **Establish a Cyber Management Group with representations from PFL management and functional heads. Establish and maintain the Cyber Incident Response Plan (CIRT) which defines the roles and responsibilities amongst key functional stakeholders during a cyber incident.**
- **Planning and executing periodic cyber breach simulation exercises, make sure PFL Branch is well prepared for any cyber breach incidents with widespread impacts.**
- **Responsible for developing PFL cybersecurity KRIs and KPIs and presenting the KRIs and KPIs to PFL risk committee for independent challenge and management oversight.**
- **Work with the CISO & IT to develop a holistic risk management framework for PFL.**
- **Manage risk remediation activities for PFL, ensuring the remediation works are executed in accordance to the approved timeline and deliverables.**
- **Oversee all new technology initiatives and provide advisory services to ensure all new initiatives are executed in accordance to RBI regulations and the PFL policies. Conduct Threat Risk Assessment for new technology initiatives.**
- **Manage risks associated with third party suppliers, conduct third party due diligence and ongoing risk management activities in accordance to the bank’s Third-Party Risk Management Framework.**
- **Conduct awareness training periodically to general staffs and functional leads across the PFL.**
- **Support and coordinate regulatory, external and internal audits.**

**Qualification, Experience & Skills**
- **Bachelor’s degree in engineering or Graduation in Computer Science degree**
- **7-12 years’ experience in Privacy, Information Security, Compliance, Risk and Regulatory is mandatory for this role. Experience in BFSI / NBFC Domain will be preferred.**
- **Any one Information security credentials CISSP, CISM, CISA, PCI DSS, ISMS Lead Auditor, Compliance, Risk Assessment, ISO 27001, Business Continuity Management. (or equivalent) is an advantage.**
- **Excellent communication skills in verbal and writing. Problem solving attitude and willingness to learn**
- **Age Criteria - 28 to 42 Years