Cyber Security Site Lead

About Business:

Adani Group: In recent years, we have evolved from a new player in power generation to India's largest private thermal power producer, with a capacity of 15,250 MW and a 40 MW solar project in Gujarat. It has created a world-class logistics and utility infrastructure portfolio that has a pan-India presence. Adani Group is headquartered in Ahmedabad, in the state of Gujarat, India. Over the years, Adani Group has positioned itself to be the market leader in its logistics and energy businesses focusing on large-scale infrastructure development in India with O & M practices benchmarked to global standards. With four IG-rated businesses, it is the only Infrastructure Investment Grade issuer in India.

Job Purpose: The Business Unit Cyber Lead will be responsible for leading and managing the cybersecurity strategy, execution, and risk management efforts within a specific business unit. This role serves as the primary point of contact for all cybersecurity-related matters within the business unit, ensuring that security risks are effectively identified, mitigated, and managed. The Business Unit Cyber Lead will work closely with business leaders, IT teams, and the enterprise cybersecurity function to ensure that cybersecurity initiatives are aligned with business objectives and effectively executed to protect the organization's digital assets.

BU Cyber Lead

Cybersecurity Strategy and Leadership for Business Unit:

Develop, implement, and oversee the business unit's cybersecurity strategy in alignment with the organization's overall security framework and business objectives.

Provide expert guidance and leadership on cybersecurity best practices to business unit leaders, ensuring security is a top priority across the business.

Foster a security-conscious culture within the business unit, engaging employees and leaders at all levels to prioritize and adhere to cybersecurity standards.

Risk Management and Threat Mitigation:

Identify, assess, and manage cybersecurity risks specific to the business unit, including business-critical applications, data, and infrastructure.

Work with business unit leadership to ensure that cybersecurity risks are adequately mitigated and aligned with business priorities and objectives.

Conduct regular risk assessments and vulnerability management exercises to ensure that the business unit is protected from emerging and ongoing cybersecurity threats.

Collaboration with Cross-Functional Teams:

Partner with enterprise cybersecurity, IT, legal, and compliance teams to ensure that the business unit's cybersecurity practices are aligned with corporate security policies and regulatory requirements.

Collaborate with business unit teams to integrate security considerations into daily operations, product development, and IT systems.

Support business units in achieving their goals by ensuring that cybersecurity risks are understood and managed proactively during project planning and execution.

Incident Response and Crisis Management:

Act as the business unit's lead during cybersecurity incidents, coordinating response efforts and ensuring timely resolution of security breaches or vulnerabilities.

Lead post-incident reviews to assess the impact, identify lessons learned, and ensure that future security measures are enhanced to prevent similar issues.

Work closely with the enterprise cybersecurity team to implement incident response protocols and communication strategies.

Compliance and Regulatory Oversight:

Ensure that the business unit adheres to relevant cybersecurity compliance requirements and industry standards (e.g., GDPR, ISO 27001, NIST, etc.).

Manage and oversee internal and external audits to ensure compliance with regulatory bodies and industry-specific cybersecurity standards.

Ensure the business unit's cybersecurity practices meet legal and regulatory requirements for data protection and security.

Security Awareness and Training:

Collaborate with the enterprise security team to ensure that the business unit's employees receive appropriate cybersecurity awareness training.

Develop and deliver tailored cybersecurity training and awareness programs that address the specific security challenges and needs of the business unit.

Monitor and evaluate the effectiveness of security training, providing feedback and additional resources as necessary.

Cybersecurity Program Management:

Oversee and manage the execution of cybersecurity initiatives and projects within the business unit, ensuring they are completed on time and within budget.

Monitor and report on the progress of cybersecurity initiatives, tracking performance metrics and identifying any roadblocks or challenges that may arise.

Lead the adoption of cybersecurity tools, technologies, and processes within the business unit to improve security posture and risk mitigation.

Reporting and Stakeholder Engagement:

Provide regular updates and reports to senior leadership on the business unit's cybersecurity posture, risks, and ongoing initiatives.

Serve as the primary point of contact for cybersecurity-related queries from business unit leadership, ensuring clear and timely communication.

Build and maintain relationships with key stakeholders within the business unit to promote cybersecurity awareness and drive security initiatives forward.

Key Stakeholders - Internal

Business Unit Heads and Department Heads

Chief Information Security Officer (CISO)

IT Infrastructure and Operations Teams

Information Security and IT teams

Legal, HR, and Compliance teams

Risk Management Teams

Audit Teams

Key Stakeholders - External

Regulatory Authorities and Compliance Organizations

External Consultants

Security Vendors and Third-Party Service Providers

External Security Solution Vendors

Educational Qualification:

Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Advanced degree (e.g., Master's, MBA) in Cybersecurity, Information Assurance, or a relevant discipline is highly desirable.

Certification:

Relevant industry certifications such as CISSP, CISM, or CISA are a plus.

Solid understanding of cybersecurity risks, policies, and regulatory requirements (e.g., ISO 27001, NIST, GDPR).

Work Experience (Range of years):

years with at least 8 years in Cyber Security.