Chief Information Security Officer

The Opportunity The CISO is primarily responsible for the overall information security governance across ZKGI and business units/segments. The CISO is responsible for ensuring the business units/segments comply with local regulations and Zurichs information security policies via remediation programs, stakeholder engagement, security education and awareness programs and security advisory.

What will you be doing?

Information Security governance

• Provide governance on information security controls in ZKGI BUs.
• Drive remediation actions to fix security control gaps
• Security consultancy on business, IT and security projects (including major changes)
• Ensure Global Information Security strategy is understood by local Senior Management and stakeholders
• Influence BU work culture to ensure Security by Design is adopted in all IT projects and BAU activities

Information Security & Risk Reporting

• Provide transparency and education to BU ExCo, Senior Management and the Board on information security topics
• Share Regional and BU level information security reports and dashboards to help BU management understand information security risk exposure
• Collaborate with Risk Management to assess Cyber risk exposure for Bus

Information Security Risk and Compliance

• Engage with business/IT and coordinate/perform the following assessments and drive remediation:

• Cloud security assessments

• Vendor assessments
• Business / IT Application assessments (incl. pre & post implementation reviews, major changes)
• Regulatory assessments (local regulations, PCI, etc)
• IT Compliance assessments
• IT Risk assessment (e.g. M&A)

• Themed security reviews

• Exception management

• Act as the local Subject Matter Expert in the global ICIF and ORM KRI work to ensure these frameworks are understood and executed appropriately at the local level. Review BUs deliverables to ensure accuracy and quality
• Ensure BU compliance with applicable regulations. Test the effectiveness of related information security controls on a regular basis, leveraging existing frameworks such as ORM KRIs and ICIF etc.

Application Security & Cloud

• Collaborate with business / IT to ensure application security controls are implemented throughout the application development life-cycle (supported by the Global Application Security team)
• Work with Group to develop DevSecOps capabilities locally
• Work with the Cloud Center of Excellence and other relevant teams to ensure security risks associated with the local cloud environments are identified and addressed

Security Awareness & Education

• Drive BU level security awareness and education program
• Facilitate global Security Awareness & Education initiatives at the BU level

Security Incident Response

• Coordinate and facilitate IT security incidents response and forensic investigations (supported by the Global Cyber Response team)

Security Threat Intelligence

• Participate in industry forums or communications with local regulators to identify Cyber threats in India. Engage with the Cyber Threat Intelligence team to ensure these threats are reviewed and responded to.
• Ensure actions recommended by global Cyber Threat Intelligence team are completed at the BU level
• Communicate Cyber threat alerts to the Bus

People Management and Development

• Ensure the local team continue to acquire new information security skills and knowledge through training and certification
• Provide coaching to team members (including local and regional team members) to develop them to advance in their career