PHI - Lead- Information Security

Prudential's purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people's career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.

PHI – Lead- Information Security

Prudential (UK) in partnership with the HCL group plans to set-up a standalone Indian health insurance company to address the growing healthcare needs of the Indian consumer.

This joint venture will combine Prudential's global expertise in insurance and financial services with HCL Group's experience in technology and healthcare solutions.

Prudential, with its longstanding presence in India, already operates two leading businesses in life insurance and asset management with the ICICI Group. Prudential was also the proud sponsor of the 1983 Cricket World Cup, India's first World Cup Victory

Prudential Health India is a Zero to One team undertaking a no-legacy, greenfield health insurance deployment in India, building journeys that truly empathize with the customer and offer a differentiated experience.

To partner with us in this mission, we are looking for a dynamic and Risk Manager to ensure the efficient and seamless operation of the Risk Department and plays a crucial role in identifying, assessing and mitigating risks in the organization.

Reporting To: CRO

Location: Mumbai

The Lead-Information Security will act as the designated Data Protection Officer (DPO) and act as the subject matter expert on data protection and security matters playing a critical role in protecting the organization's data and digital assets.

Reporting to the Chief Risk Officer as part of the Risk Function, the role holder has regulatory obligations (as per IRDAI Regulation) will lead and support business unit leaders and functional teams on data protection, information security, cyber risk and related issues, including reviewing proposals and providing recommendations, guidelines and advice on relevant data protection regulations.
 

Leading and managing the Prudential's adoption and implementation of advanced technology solutions and innovative uses of data (e.g., AI, machine learning), the CISO will lead the development and implement comprehensive security strategies to assess risks and ensure compliance with applicable regulations. By effectively managing security incidents and promoting security awareness the CISO helps to mitigate risks and safeguard the organization's information resources. Responsible for identifying and assessing potential security risks developing mitigation strategies and implementing effective controls to minimize vulnerabilities.

The CISO works closely with other senior executives such as the Chief Technology Officer (CTO), Chief Operations Officer and the Chief Distribution Officer to align security initiatives with business objectives. They also collaborate with other departments such as Legal Human Resources and Compliance to ensure that security measures comply with relevant laws regulations and industry standards.

Key Responsibilities

Security Strategy Development:

• The CISO takes a strategic approach to security identifying emerging threats and implementing proactive measures to protect the organization. They work closely with other stakeholders to align security initiatives with business goals.

Risk Assessment and Management:

• The Lead-Information Security assesses the organization's security risks including potential vulnerabilities and potential impact. They develop risk mitigation strategies and controls to minimize exposure to threats.

Security Policy and Compliance:

• The Lead-Information Security develops and enforces security policies and procedures to ensure compliance with applicable laws regulations and industry standards. They also oversee security awareness and training programs to educate employees on best practices and their role in safeguarding information.

Incident Response and Management:

• The Lead-Information Security develops and maintains an incident response plan to address security incidents promptly and effectively. They coordinate with relevant stakeholders to contain investigate and remediate security breaches or incidents.

Security Policy and Compliance:

• The Lead-Information Security develops and enforces security policies and procedures to ensure compliance with applicable laws regulations and industry standards. They also oversee security awareness and training programs to educate employees on best practices and their role in safeguarding information.

Security Monitoring and Incident Detection:

• The Lead-Information Security oversees the implementation and maintenance of security monitoring tools and technologies to detect and respond to security threats. They collaborate with the IT department to ensure effective monitoring of networks systems and applications.

Vendor and Third-Party Risk Management:

• The Lead-Information Security assesses and manages the security risks associated with third-party vendors and suppliers. They establish criteria for evaluating vendor security controls and ensure that appropriate measures are in place to protect the organization's data and systems.

Security Awareness and Training:

• The Lead-Information Security develops and delivers security awareness programs to educate employees on security best practices and cyber threats. They promote a culture of security awareness and accountability throughout the organization.

Incident Reporting and Communication:

• The Lead-Information Security is responsible for reporting security incidents to senior management regulatory authorities and other stakeholders as required. They communicate security risks incidents and initiatives to relevant parties ensuring transparency and timely response

Market knowledge:

• The Lead-Information Security must have awareness and understanding of the wider business, economic and market environment in which Prudential operates, specifically in the Indian Insurance environment.

Governance, oversight and controls:

• The Lead-Information Security must be able to assess the effectiveness of Prudential's arrangements to deliver effective governance, oversight and controls in its business and, if necessary, to oversee and support the implementation of changes in these areas.

Qualification & Experience

• This role requires significant knowledge and experience on the key data protection and security issues impacting the healthcare and insurance industry. The right candidate will be highly commercial and business aware and able to place specific privacy and data protection issues within a wider commercial and regulatory context, and as part of an innovative digital transformation agenda, minimum of 8 to 12 years of experience in a combination of risk management, information security and IT roles
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST
• Well-developed advocacy skills and experienced in negotiating and agreeing collaborative approaches with internal and external stakeholders  
• Highly networked and a skilled relationship builder, with the ability to build and maintain strong networks of policy influence
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
• Experience in applying regulatory knowledge to new products and services and excellent technical knowledge including on privacy-engineering techniques, data security, encryption, big data, profiling etc.
• Experience with Cloud computing/Elastic computing across virtualized environments.
• Specific experience in Agile (scaled) software development or other best in class development practices.

Skills

• Stakeholder Management
• Vendor Management
• Strong Communication Skills
• Technical (IT) skills
• Regulatory understanding (IRDAI)
• Strategic Mindset
• Entrepreneurship
• Execution Excellence
• Building High Performance Team

What we offer

• Competitive salary
• Career development opportunities for professional growth and development including training and mentorship programs
• Recognition as a key member of our leadership team
• Opportunity to shape the accounting function of a high-growth startup

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.