General Manager Infosec

We're looking for an experienced
GRC Specialist
to join our team, with a strong emphasis on cybersecurity skills. The ideal candidate will have a minimum of
8 years of hands-on experience
in Governance, Risk, and Compliance, with a strong focus on the health insurance industry. You must possess extensive knowledge of regulatory frameworks in the Insurance/Financial domain and have a proven track record in implementing and managing an
ISO 27001 Information Security Management System (ISMS)
.

This role is critical for ensuring our organization maintains a robust compliance and risk management posture specific to the unique requirements of the health insurance sector, while also proactively protecting our digital assets and sensitive data.

Key Responsibilities

Regulatory Compliance & Health Insurance:

• Monitor and interpret regulations from IRDAI to ensure full compliance with norms specific to health insurance products, policy servicing, and claims management.
• Ensure adherence to data privacy and security regulations as they pertain to financial and operational activities within the health insurance business.
• Conduct regular compliance audits and gap analyses tailored to health insurance operations.

Risk Management:

• Develop and implement a comprehensive risk management framework, with a particular focus on risks associated with health insurance policy issuance, underwriting, and claims processing.
• Identify, assess, and mitigate operational, reputational, and financial risks.
• Maintain the corporate risk register and report on risk posture to senior leadership.

Information Security & ISO 27001:

• Lead the implementation and continuous improvement of the ISO 27001 ISMS.
• Conduct internal audits and manage external audits for ISO 27001 certification.
• Develop and enforce information security policies and controls to protect sensitive customer data, including Protected Health Information (PHI).

Cybersecurity Operations:

• Threat & Vulnerability Management:
  Conduct regular vulnerability scanning and manage the remediation process to secure IT infrastructure.
• Incident Response:
  Develop and maintain the security incident response plan, leading efforts to contain, eradicate, and recover from security incidents.
• Security Controls:
  Implement and manage technical security controls such as
  Security Information and Event Management (SIEM)
  systems,
  Data Loss Prevention (DLP)
  tools, and
  Access Control Models
  .

Policy & Procedure Development:

• Draft and update GRC-related policies, with a focus on those relevant to health insurance, such as data privacy, business continuity, and third-party vendor management.

Training & Reporting:

• Create and deliver training on GRC and cybersecurity topics to staff, emphasizing compliance and security best practices for health insurance.
• Prepare and present detailed GRC and cybersecurity reports to management and regulatory bodies.

Qualifications

• Bachelor's degree in a relevant field.
• Minimum of
  8 years of GRC experience
  , with a significant portion in the health insurance or a related financial services sector.
• Demonstrable expertise in regulations applicable for Insurance & Financial Domain.
• In-depth knowledge and hands-on experience with
  ISO 27001
  and ISMS implementation.
• Proven hands-on experience in cybersecurity
  , including vulnerability management, incident response, and security operations.
• Certifications such as
  CISA, CISM, CRISC, CISSP
  , or ISO 27001 Lead Auditor/Implementer are highly preferred.
• Strong analytical skills and the ability to interpret complex regulations and security data.
• Excellent communication and interpersonal skills.