Roles and Responsibilities:-
Maintenance:
• Ensure Review of policies and procedures on a periodic basis or whenever there is change and place it for Management approvals to board on a timely fashion
• Preparation of architectural diagrams and technical documentations for audit and regulatory purposes along with stakeholders .
• Ensure the Business Impact Assessment of new businesses, applications etc.
• Ensure Risk assessments for all IT assets and processes periodically and ensure RA/ RT is in place.
• Run project management for implementation of various security controls by liaising with different teams.

Monitoring and Guidance:

• Exception management, review (periodic) controls, analyse and make appropriate recommendation
• Provide guidance to the stakeholders with respect to the contractual obligation on IT policy management and process implementations.
• Provide guidance to stakeholders on Periodic updates to BCP strategy, liaising with teams to perform drills etc. Guide team members on planning Phishing and other information security drills.
• Evaluation of vendors, review of internal tool reviews for SRE /Engg. teams/ functions from Data security angle Regulatory and Compliance audits:
• Interpret IT control requirements from regulatory guidelines and circulars and prepare a detailed framework for implementation and Advisory on implementation of information security controls
• Ensure that IT regulatory requirements are tracked and continuously monitored.
• Plan audit calendars and schedule the same.
• Manage all internal and external audits related to IT and Non IT .
• Fore fronting all the audits and act as POC for all escalations for any audit related activities
• Liaise with auditors to explain infosec posture, org structure, provide technical architecture overview, process understanding on IT controls etc.
• Support management to provide audit finding responses, implementation of controls as per audit recommendations etc and ensure all IT audit observations are taken to closure

Role Requirements:-

• 6 to 8 years of work experience, BE/Btech + CISA /CISSP preferred.

• Has high ethical standards.
• Has an analytical mind able to “see” the complexities of procedures and regulations.
• Demonstrate the ability to plan and execute projects with minimal management support.