Job Description

Key Responsibilities:

-------------------------



1 Risk Management 1 Lead the identification assessment analysis treatment and management of security risks across the organization and its subsidiaries 2 Facilitate smooth conduct of Risk Assessment on different levels and functional verticals of the organization and subsidiaries 3 Collaborate with cross functional teams to mitigate risk develop risk treatment plans and monitor effectiveness of implemented controls and counter measures 4 Perform periodic risk reviews define establish and monitor key performance and risk indicators across subsidiaries to strengthen their information security posture 5 Report key risks and status of mitigation measures to leadership on a frequent basis 6 Lead the supplier information security risk assurance process for subsidiaries which involves Maintain an inventory of suppliers to be covered under Information security risk assurance process Categorize and prioritize the supplier s basis the nature of service provided level of access to Infosys client information network Due diligence Assess the supplier s information security posture to identify the relevant risks from the engagement Ensure that supplier contracts include Information security specific clauses like Confidentiality Incident reporting right to audit etc On going monitoring of supplier controls with the help of metrics annual assessment 2 Program Management 1 Lead manage and ensure the successful execution of large scale and small scale information security programs for subsidiaries 2 Create and implement project plans timelines budgets and resources ensuring delivery within scope and deadlines 3 Coordinate with multiple teams e g IT M A and Internal ISG Functions to ensure programs are executed effectively 4 Conduct risk based prioritization and manage the roadmap for security initiatives Skills and knowledge expectations Possess cross domain knowledge in various areas of Cyber Security such as but not limited to Information security concepts and principles including confidentiality integrity and availability of information Knowledge of Enterprise security architecture Security technologies Operating systems databases network applications

Preferred Skills:

---------------------


Foundational->Information Security->Governance Risk and Compliance, Audits , Workflow