Job Description

Responsibilities

Operational:

• Understanding business processes and assessing the criticality of the technological solutions being used to carry out business functions.
• Review business Level processes and new initiatives for Cyber security requirements and help in incorporating industry best practices.
• Continuously monitor and assess execution of security policy and validate necessary controls are in place.
• Support security governance processes and serve as cyber security interface to the business.
• Enable User education/ awareness on Cyber Policy and its enforcement.
• Identify, report service level attainment results, and highlight improvement opportunities.
• Drive continuous process improvements for Cyber operations and benchmark them with industry standards

Project Management

• Design and implement BU level Cyber security projects as per the business requirements.
• Lead and manage projects that drive execution of security policy and validation of necessary controls.

Risk Management & Compliance

• Oversee deployment of strategic interventions to mitigate risks and address vulnerabilities.
• Forefront initiatives to monitor and drive adherence of Cyber operations to protocols, legal and regulatory compliances at group and business level.
• Build security reporting dashboards for capturing risk status of different systems.
• Revisit operations policies/ frameworks in accordance to changing business, technology landscape and regulatory environment.

Security Audit

• Plan and implement the internal audit of IT, OT, and business processes across the organization in collaboration with the Group and Business Audit and assurance counterparts.
• Ensure testing and evaluation of system controls, policies, and procedures as required.
• Empanel audit agencies for security audit and ensure audits are conducted as defined and co-lead interface with auditors.
• Monitor and track all security controls for potential issues, perform verification assessment of controls and determine and update necessary controls to ensure documentation in enterprise security plan.
• Identify and maintain a repository of leading security practices and standards used. Report on the implementation of leading practices and standards and map them to controls and metrics.
• Plan and comply application and infrastructure vulnerability assessment at business level including Operational Technology landscape.

Vendor-Partner Management and Engagement

• Track partner performance to ensure project delivery basis expected quality, timelines and budgetary considerations, and address non-performance; Conduct regular partner performance reviews based on project criticality.
• Manage escalations related to partner (non)performance, scoping issues, partner pay-outs.
• Cultivate strategic relationships with partners and effectively leverage them for value additions.
• Engage with partners on a frequent basis for a win-win relationship; Facilitate organization of capability road shows/ POCs by partners to increase partner engagement with the organization

People Management

• Working with Cyber, IT and OT teams
• Communication with sites.
• Coordination with other departments and functions
• Coordination with other organizations
• Dealing with service providers.

KRAs with Outcomes (Jobs which brings value to the organization)
Domain KRA (Key Result Ares) KPI (Key Performance Indicator)
Minimizing Business Impact Minimizing Business impact due to Cybersecurity issues.

• Business Loss due to Cybersecurity issues. (% of EBITDA)

Security Review Review of Service requests and New Projects w.r.t Cybersecurity

• Requests reviewed within SLA (%).
• Projects reviewed within SLA (%).

Ensure Compliance Compliance to Legal and Regulatory guidelines related to Cybersecurity

• Compliance to Legal and Regulatory guidelines. (% compliance against total requirements)
• Timely communication and co-ordination with the regulatory agencies (%).

Ensuring effectiveness of Security Controls Ensuring security controls are effective for endpoints, servers, and network.

• Ensuring Coverage of endpoint security agents (%)
• Ensuring Coverage of Server security agents (%)
• Ensuring policy review and other effectiveness measures of network security (%)

Vulnerability Remediation Closure of Identified vulnerabilities

• % Of Vulnerabilities closed as per policy requirement.

Cybersecurity Awareness To facilitate and nurture deep-rooted cybersecurity culture.

• To develop relevant processes and systems, and behavioral training to employees to sustain cybersecurity consciousness and culture in the businesses.

Cybersecurity governance Establish and manage governance in cyber security function

• Governance MIS report preparation and dissemination as per schedule

(% of reports sent as per schedule)
Incident Management Managing Cybersecurity incidents for the organization

• Response to Cybersecurity incidents as per established process and closure within SLAs.

(% of incidents closed within timelines)
Budget Governance Planning and managing the budget for the Cybersecurity function

• Adherence to the Planned budget

(% deviation from the approved figures)

Qualifications

Educational Qualification:

• Bachelor\xe2\x80\x99s Degree or equivalent in an IT or similar discipline from an institute recognized by UGC / AICTE.

Certifications:

• Professional Certifications like CISSP / CISM / CISA, ISMS Lead Implementor / IEC 62443.

Talent Leads Consultants