Chief Information Security Officer

**Synopsis of the role**:
The Business Information Security Officer (BISO) position is responsible for maintaining the confidentiality, integrity, and availability of our customer’s data and the security of the assets of the company for an assigned Business Unit / COE/Region. The BISO will understand business strategy, life cycle, and trends and infuse this point of view into Global Security at large. The role will focus on improving intra-region and cross-region collaboration, providing consulting in support of business drivers; and providing strong guidance and support for mitigation for noted areas of exposure such as insecure business practices, policy exceptions, tool and technology implementations, vulnerabilities, and local programs that support security initiatives and improvements. The role will work hand in hand with BISO, VP peers to continuously improve the global information security management system (ISMS). This position is typically a manager of BISOs and Security Analysts.

**What you’ll do**
- Responsible for identifying, evaluating and reporting on security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
- Provides oversight and manages a team of directs which typically includes BISOs and Security Analysts; and influences a team of non-directs in peer organizations.
- Primary purpose of this role is to balance business risk with the security mandate, striking the right balance between likelihood and impact of an issue.
- Role acts in consultative capacity, assisting business units to assess and adopt proper course of action when addressing risk and provides consultative guidance for new business cases and coordinates security needs across all implementations and programs for assigned areas.
- Responsible for developing relationships with customers and understanding their “security experience” with Equifax, anticipating customers’ security needs, developing operational plans to implement improvements, influencing others internally and externally, including senior leaders, to achieve a blended approach that satisfies both security and business needs.
- Position is the primary conduit through which the operational security units (technology, operations, assessments, investigations, and physical) can be effective and affect change for the assigned area of responsibility.
- Ensures that leadership in the assigned area (SVP, GM) are well informed regarding security programs, threats, and risks.
- Responsible for championing security compliance with all local government regulations, customer contracts, and company policies in the assigned area.
- Leads a team that contributes to business objectives through deepening customer relationships, representing the Equifax security program in industry forums, developing an expert understanding of business processes, goals, and challenges, and partnering across the assigned area to coordinate security program activity.
- Participate in business initiatives to help accelerate time to revenue and explore monetization opportunities for Security services.

**What experience you need**
- Mandatory Bachelors or higher graduation required; Preferred domains IT or Cyber security.
- CISM, CISSP, CISA or CRISC qualification preferred.
- Experience of working in an RBI regulated entity (RE) and well versed with RBI Infosec requirements.
- 15+ years’ experience in the information security domain with at least 3 years in a leadership role; and at least 5 years of experience in a financial organization’s Infosec department, preferably a bank operating in India.
- Subject matter expert in Information security domains such as Cloud security, Network security, Data security, Application and API security, Vendor risk management and ISO 27001:2022
- Strong stakeholder management internally and externally, with excellent interpersonal, communication skills and ability to build rapport quickly
- Identifies and solves a range of problems in complex situations
- Leads decisions within guidelines and policies
- Identifies, analyzes, monitors and minimizes areas of risk to the organization including information, physical and corporate security policies and procedures
- Have led the facilitation of internal and external audits (RBI Audits).

**What could set you apart**
- Experience of cloud migration.
- Implementing security programs that achieved PCI-DSS compliance.
- Skilled at communicating complex issues to both technical and non-technical audiences and comfortable receiving constructive challenges.
- Comfortable managing several projects at any one time and have experience of working in fast paced environments which process sensitive customer data.