CISO for Business Unit- Chief information security officer- AVP/GM Level for Airports
1 Nos.
64183
Full Time
15.0 Year(s) To 20.0 Year(s)
70.00 LPA TO 80.00 LPA
IT Infrastructure & IT Security / Support
IT-Software/Software Services
B.Tech/B.E. - Computers; MBA/MMS/MPM/PGDM - Information Technology
Job Description:
Operational:
- Understanding business processes and assessing the criticality of the technological solutions being used to carry out business functions.
- Review business Level processes and new initiatives for Cyber security requirements and help in incorporating industry best practices.
- Continuously monitor and assess execution of security policy and validate necessary controls are in place.
- Support security governance processes and serve as cyber security interface to the business.
- Enable User education/ awareness on Cyber Policy and its enforcement.
- Identify, report service level attainment results, and highlight improvement opportunities.
- Drive continuous process improvements for Cyber operations and benchmark them with industry standards
Project Management
- Design and implement BU level Cyber security projects as per the business requirements.
- Lead and manage projects that drive execution of security policy and validation of necessary controls.
Risk Management & Compliance
- Oversee deployment of strategic interventions to mitigate risks and address vulnerabilities.
- Forefront initiatives to monitor and drive adherence of Cyber operations to protocols, legal and regulatory compliances at group and business level.
- Build security reporting dashboards for capturing risk status of different systems.
- Revisit operations policies/ frameworks in accordance to changing business, technology landscape and regulatory environment.
Security Audit
- Plan and implement the internal audit of IT, OT, and business processes across the organization in collaboration with the Group and Business Audit and assurance counterparts.
- Ensure testing and evaluation of system controls, policies, and procedures as required.
- Empanel audit agencies for security audit and ensure audits are conducted as defined and co-lead interface with auditors.
- Monitor and track all security controls for potential issues, perform verification assessment of controls and determine and update necessary controls to ensure documentation in enterprise security plan.
- Identify and maintain a repository of leading security practices and standards used. Report on the implementation of leading practices and standards and map them to controls and metrics.
- Plan and comply application and infrastructure vulnerability assessment at business level including Operational Technology landscape.
Vendor-Partner Management and Engagement
- Track partner performance to ensure project delivery basis expected quality, timelines and budgetary considerations, and address non-performance; Conduct regular partner performance reviews based on project criticality.
- Manage escalations related to partner (non)performance, scoping issues, partner pay-outs.
- Cultivate strategic relationships with partners and effectively leverage them for value additions.
- Engage with partners on a frequent basis for a win-win relationship; Facilitate organization of capability road shows/ POCs by partners to increase partner engagement with the organization
People Management
- Working with Cyber, IT and OT teams
- Communication with sites.
- Coordination with other departments and functions
- Coordination with other organizations
- Dealing with service providers.
KRAs with Outcomes (Jobs which brings value to the organization) | ||
Domain | KRA (Key Result Ares) | KPI (Key Performance Indicator) |
Minimizing Business Impact | Minimizing Business impact due to Cybersecurity issues. |
|
Security Review | Review of Service requests and New Projects w.r.t Cybersecurity |
|
Ensure Compliance | Compliance to Legal and Regulatory guidelines related to Cybersecurity |
|
Ensuring effectiveness of Security Controls | Ensuring security controls are effective for endpoints, servers, and network. |
|
Vulnerability Remediation | Closure of Identified vulnerabilities |
|
Cybersecurity Awareness | To facilitate and nurture deep-rooted cybersecurity culture. |
|
Cybersecurity governance | Establish and manage governance in cyber security function |
(% of reports sent as per schedule) |
Incident Management | Managing Cybersecurity incidents for the organization |
(% of incidents closed within timelines) |
Budget Governance | Planning and managing the budget for the Cybersecurity function |
(% deviation from the approved figures) |
Educational Qualification:
- Bachelor’s Degree or equivalent in an IT or similar discipline from an institute recognized by UGC / AICTE.
Certifications:
- Professional Certifications like CISSP / CISM / CISA, ISMS Lead Implementor / IEC 62443.
Key Skills :
Company Profile
Indian multinational conglomerate having business interest in multiple areas. Diversified organisation in India with market cap of over $100 billion (as on 5th April 2021) comprising 6 publicly traded companies. It has created a world class transport and utility infrastructure portfolio that has a pan-India presence.
Apply Now
- Interested candidates are requested to apply for this job.
- Recruiters will evaluate your candidature and will get in touch with you.