Job Description

Responsibilities :11.1 Risk Management
11.1.1 Lead the identification, assessment, analysis, treatment and management of security risks across
the organization and its subsidiaries.
11.1.2 Facilitate smooth conduct of Risk Assessment on different levels and functional verticals of the
organization and subsidiaries.
11.1.3 Collaborate with cross-functional teams to mitigate risk, develop risk treatment plans, and monitor
effectiveness of implemented controls and counter measures
11.1.4 Perform periodic risk reviews, define, establish and monitor key performance and risk indicators
across subsidiaries to strengthen their information security posture.
11.1.5 Report key risks and status of mitigation measures to leadership on a frequent basis.
11.1.6 Lead the supplier information security risk assurance process for subsidiaries, which involves:

• Maintain an inventory of suppliers to be covered under Information security risk assurance process.
• Categorize and prioritize the supplier's basis the nature of service provided, level of access to

Infosys/client information, network.

• Due diligence: Assess the supplier's information security posture to identify the relevant risks from

the engagement.

• Ensure that supplier contracts include Information security specific clauses like Confidentiality,

Incident reporting, right to audit etc.

• On-going monitoring of supplier controls with the help of metrics, annual assessment.

11.2 Program Management
11.2.1 Lead, manage, and ensure the successful execution of large-scale and small-scale information security
programs for subsidiaries
11.2.2 Create and implement project plans, timelines, budgets, and resources, ensuring delivery within scope
and deadlines
11.2.3 Coordinate with multiple teams (e.g., IT, M&A and Internal ISG Functions) to ensure programs are
executed effectively.
11.2.4 Conduct risk-based prioritization and manage the roadmap for security initiatives.
2. Skills and knowledge expectations:
Possess cross-domain knowledge in various areas of Cyber Security such as, but not limited to:
12.1. Information security concepts and principles, including confidentiality, integrity and availability
of information.
12.2. Knowledge of Enterprise security architecture (Security technologies, Operating systems,
databases, network, applications)Preferred Skills :Foundational->Information Security->Governance Risk and Compliance, Audits , WorkflowEducational Requirements :Bachelor of EngineeringService Line :Information Security Group