Ciso for Business Unit

Opening: 1 Nos.
- Job ID: 64183
- Employment Type: Full Time
- Reference:

- Work Experience: 15.0 Year(s) To 20.0 Year(s)
- CTC Salary: 70.00 LPA TO 80.00 LPA
- Function: IT Infrastructure & IT Security / Support
- Industry: IT-Software/Software Services
- Qualification: B.Tech/B.E. - Computers; MBA/MMS/MPM/PGDM - Information Technology
- Location:

- Mumbai
**Responsibilities**

**Operational**:

- Understanding business processes and assessing the criticality of the technological solutions being used to carry out business functions.
- Review business Level processes and new initiatives for Cyber security requirements and help in incorporating industry best practices.
- Continuously monitor and assess execution of security policy and validate necessary controls are in place.
- Support security governance processes and serve as cyber security interface to the business.
- Enable User education/ awareness on Cyber Policy and its enforcement.
- Identify, report service level attainment results, and highlight improvement opportunities.
- Drive continuous process improvements for Cyber operations and benchmark them with industry standards

**Project Management**
- Design and implement BU level Cyber security projects as per the business requirements.
- Lead and manage projects that drive execution of security policy and validation of necessary controls.

**Risk Management & Compliance**
- Oversee deployment of strategic interventions to mitigate risks and address vulnerabilities.
- Forefront initiatives to monitor and drive adherence of Cyber operations to protocols, legal and regulatory compliances at group and business level.
- Build security reporting dashboards for capturing risk status of different systems.
- Revisit operations policies/ frameworks in accordance to changing business, technology landscape and regulatory environment.

**Security Audit**
- Plan and implement the internal audit of IT, OT, and business processes across the organization in collaboration with the Group and Business Audit and assurance counterparts.
- Ensure testing and evaluation of system controls, policies, and procedures as required.
- Empanel audit agencies for security audit and ensure audits are conducted as defined and co-lead interface with auditors.
- Monitor and track all security controls for potential issues, perform verification assessment of controls and determine and update necessary controls to ensure documentation in enterprise security plan.
- Identify and maintain a repository of leading security practices and standards used. Report on the implementation of leading practices and standards and map them to controls and metrics.

**Vendor-Partner Management and Engagement**
- Track partner performance to ensure project delivery basis expected quality, timelines and budgetary considerations, and address non-performance; Conduct regular partner performance reviews based on project criticality.
- Manage escalations related to partner (non)performance, scoping issues, partner pay-outs.
- Cultivate strategic relationships with partners and effectively leverage them for value additions.
- Engage with partners on a frequent basis for a win-win relationship; Facilitate organization of capability road shows/ POCs by partners to increase partner engagement with the organization

**People Management**
- Working with Cyber, IT and OT teams
- Communication with sites.
- Coordination with other departments and functions
- Coordination with other organizations
- Dealing with service providers.

**KRAs with Outcomes (Jobs which brings value to the organization)**

**Domain**

**KRA (Key Result Ares)**

**KPI (Key Performance Indicator)**
Minimizing Business Impact
Minimizing Business impact due to Cybersecurity issues.
- Business Loss due to Cybersecurity issues. (% of EBITDA)
Security Review
Review of Service requests and New Projects w.r.t Cybersecurity
- Requests reviewed within SLA (%).
- Projects reviewed within SLA (%).
Ensure Compliance
Compliance to Legal and Regulatory guidelines related to Cybersecurity
- Compliance to Legal and Regulatory guidelines. (% compliance against total requirements)
- Timely communication and co-ordination with the regulatory agencies (%).
Ensuring effectiveness of Security Controls
Ensuring security controls are effective for endpoints, servers, and network.
- Ensuring Coverage of endpoint security agents (%)
- Ensuring Coverage of Server security agents (%)
- Ensuring policy review and other effectiveness measures of network security (%)
Vulnerability Remediation
Closure of Identified vulnerabilities
- % Of Vulnerabilities closed as per policy requirement.
Cybersecurity Awareness
To facilitate and nurture deep-rooted cybersecurity culture.
- To develop relevant processes and systems, and behavioral training to employees to sustain cybersecurity consciousness and culture in the businesses.
Cybersecurity governance
Establish and manage governance in cyber security function
- Governance MIS rep