Chief Information Security Officer

Vacancy Code

HWD/Vacancy/24-25/CISOFT/01

Location

Navi Mumbai/Mumbai

Eligibility Criteria

Only Indian citizens are eligible to apply

Age Limit:
Upper Age Limit : 55 Years as on 31st December, 2024
Lower Age Limit : 40 years as on 31st December, 2024

Educational Qualifications
- **Basic Qualifications**:
Must have full-time Master’s or Bachelor’s degree in Engineering disciplines namely Electronics & Telecommunications/ Computer Science/ Electronics & Electrical/ Information Technology/ Electronics & Communication or Master’s in Computer Application from a University/ Institute recognized by Government of India or its Regulatory bodies. Preferably with specialization in information security/ IT Risk Management/ Cyber Security etc.
- **Professional Qualifications (preferred)**:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Chief Information Security Officer (CCISO)
Certified Information Systems Auditor (CISA)
International CISO Certification is desirable.

Experience
- Note: Experience to be reckoned as on 31st December, 2024

Job Profile
- **1.Security Strategy & Planning**:

- a. Develop and implement a comprehensive information security strategy aligned with the organisation’s goals and objectives.
- b. Conduct risk assessments and prioritize security initiatives based on business needs and risk exposure.
- c. To develop stress testing mechanism to ensure cyber resilience
- **2. Policy, Reporting and Compliance**:

- a. To review and update information security policies, standards and procedures to ensure compliance with relevant regulations and standards w.r.t. IS and Cyber Security.
- b. To review and to ensure implementation of IS Policy and recommend changes therein.
- c. To ensure compliance with respect to organization specific information security policies, procedures, standards, guidelines and directives & advice of various regulators.
- d. To appraise the management about the status of ISMS compliance, Global developments and necessary action points in the area of cyber security.
- e. To define and report on information security related KPIs.
- **3.Incident Response and Management**:

- a. Lead incident response efforts during security breaches, coordinating with internal teams, external stakeholders and law enforcement as necessary.
- **4.Security architecture and design**:

- b. Conduct security architecture reviews and recommend improvements to enhance the overall security posture.
- **5. Business Continuity and Disaster Recovery Planning**:

- a. Maintain business continuity and disaster recovery plans to ensure the organization can continue operating in the event of a security incident or disaster.
- b. Conduct regular testing and exercises to validate the effectiveness of these plans.
- 6. To manage the IT risks through formal Risk management methodology - Asset identification and management, Risk assessment, Vulnerability management and controls compliance.
- 7. Knowledge of common information security management standards and frameworks such as SEBI information security framework, ISO, SOC etc.
- 8. Assess, plan, evaluate and recommend new tools as a pro-active/reactive measure for maintaining cyber security posture of the company.
- **9. Audits and Reporting**:

- a. To co-ordinate IS Audit and ensure its compliance as defined in the policy.
- b. Responsible for the certification audit and all subsequent surveillance audits.
- **10. Executive Leadership and Communication**:

- a. Serve as the primary point of contact and advisor on security matters for executive leadership and the Board of Directors.
- b. Serve as part of internal committees for various activities such as and not limited to tool/platform assessment, advisory services
- **11. Security awareness & training**:

- a. Develop and deliver security awareness training programs to educate employees about security best practices and potential threats.
- b. Promote a culture of security awareness and compliance throughout the organization.
- **12.Continuous Improvement**:

- b. Ensure information security across various devices, networks and infrastructure -physical/ on premises/ cloud etc.
- c. Anticipate, access and actively managing new and emerging threats related to information security.
- d. To stay informed about global best practices and latest developments in the field of information security including technology, management practices and regulatory requirements.
- **13. Any other item will be as per mutual agreement**:

- **Remark: Job profile mentioned above is illustrative in nature. Roles in addition to the above mentioned may be assigned by StockHolding from time to time for the above post.**

Remuneration/
CTC
(Negotiable)

Other
Allowences
- CTC include all the allowances as applicable to the grade of Divisional Manager/ AVP. No other benefits & perquisites will be paid separately.
- Residual benefits as may be decided by the corporation fro