Job Description

1. Establishing and maintaining Technology Security Assurance program to protect CRISIL from external and internal attacks, in compliance to Information Security and Cybersecurity Policy, Common Security Standards, Technical Security Standards, Industry best practices and CISO Directives. 2. Responsible for identifying and preparing review plan for all the implemented Technology security solutions and relevant technology solutions. Responsible for publishing the review calendar to various stake holders in advance. These reviews shall act as the second line of defence for CRISIL Infosec activities, wherein any miss-outs that happened in the first line of defence gets notified. 3. Identify, evaluate, implement and operationalise necessary compensating controls through tools and practices. The tools include, but not limited to, AntiVirus, Anti Malware, Anti APT, EDR, DLP, IRM, MDM, DDoS protection, Proxy, IPS, Cloud security controls, SIEM, Honeypot solution etc. 4. Assisting CISO in reporting to CRISIL Management and IT Risk Committee the critical cyber security threats and vulnerabilities that CRISIL is exposed to, ensuring emerging cyber threats and the organisation?s preparedness in response to these threats are reported and discussed in the CRISIL IT Risk Committee. 5. Keep abreast with country specific cyber threats through maintaining close work relationship with regulatory agencies and CERT, attend RBI?s cyber events & trainings 6. Ensure CRISIL is adequately protected from all kinds of known threats, by ensuring timely & relevant review of technologies and processes, by providing actionable insights through reports and suggestions for resolving issues in the most cost effective way to make sure all the deployed tools are utilised to the fullest 7. Ensure Audit and Compliance issues are closed for Security Assurance domain in a timely manner 8. Responsible for managing vendors who support for various Security assurance tools and services, ensure timely and meaningful vendor reviews, SLA assurance and management 9. Ensure Tech Sec dash boarding and reporting with highest levels of integrity to portray the correct cyber security posture of CRISIL to the top management Education / Experience / Other Information ? Bachelor degree in Engineering or Graduation in Computer Science degree or equivalent degree ? 8-10 years? experience in information security, cybersecurity, technology security management in large multinational financial / technology institutions environment ? CISSP, CISA, OEM certifications etc will be an advantage. ? Hand-on experience on conducting audits of various tech sec tools, SIEM/SOC, VAPT process etc. ? Excellent verbal and written communication skills.

Zwayam