Job Description
Chief Information Security Officer (2400005109)
Job: Technology
Primary Location: Asia-India-Mumbai
Schedule: Full-time
Employee Status: Permanent
Posting Date: 24/Apr/2024, 4:15:47 AM
Unposting Date: Ongoing
Role Responsibilities
Strategy
- Identify and independently drive strategic change initiatives to deliver on the ICS agenda with a forward-looking view.
- Develop insightful strategies for engaging business on information security matters, ensure investments are prioritised and funding is approved.
- Support delivery of the Bank’s enterprise wide risk management plan and strategy.
- Work with application development organisations to assist in the development of strategies and plans for improving both Architecture and application security.
Business
- Ensure ICS risks in the respective market are proactively managed and effectively controlled, mitigated and remediated with senior stakeholder’s support and buy-in, in line with Group, Region, Country, Business/Function risk appetite and regulatory driven requirements.
- Assist in establishing priorities in partnership with the C-level Management and take responsibility for resolving security issues.
- Ensure that the management of ICS risk is effective and operating efficiently in the respective business / function / region.
- Assist in driving security culture/awareness and help improve readiness for a cyber event.
- Ensure information risks are identified, assessed, mitigated and controlled.
- Ensure Critical Information Assets are identified and graded appropriately. Monitor changes in the risk profile of the highly critical systems.
- Work with IT to validate the resilience of data and IT systems.
- Support Group initiatives ensuring the respective business / function / region needs are represented effectively.
- Face off to the ICS subject matter experts in Group Business lines.
Processes
- Drive the continuous improvement of practices.
- Drive the implementation of the ICS agenda for the respective business / function / region by working with the respective Business/Function Heads, Region / Country Management Team, C-level Management /CIO teams, ISOs and senior ICS leadership.
- Manage ICS risk remediation initiatives and activities including incident responses, crisis exercises, risk assessments, stress testing, regulator engagement.
- Drive the implementation of the ICS RTF in the respective business / function / region with a focus on key countries. The plan will incorporate digital footprint discovery, threat/risk assessment, and the definition and implementation of controls as guided by the ICS RTF.
People & Talent
- Maintain strong stakeholder engagement and serve as the business-facing lead with Group, Regional and Country IT, Business/Function, C-level Management, ISOs, Risk & Control stakeholders to bring alignment across stakeholder groups in conjunction with ICS risk management.
- Collaborate with Corporate Communications, threat intelligence and other functions to lead and coordinate the information security change management effort around branding, communications, staff awareness and training.
- Maintain relationships with key service and product owners within Security Technology Services / Cyber Security Services to keep abreast of changes that may affect ICS’s risk landscape.
- Help to interpret and translate the ICS requirements of the ICS programmes into technical requirements when needed.
- Engage external agencies / third parties to understand the threat environment and reported events; assess impact for the respective business / function / region.
Risk Management
- Drive compliance with Group policies and standards, and with local regulatory requirements.
- Work closely with CISRO, Regional ISO, Country ISO, Head of ICS Governance, TISO, Business and C-level Management to provide oversight, governance and monitoring, and work with various delivery owners to embed the ICS RTF.
- Understand and assess the impact of changes in the policy or procedures on the respective business / function / region and engage with the respective business / function / region Heads to ensure the impact is understood.
- Recommend additions/enhancements/changes to the ICS policy, procedures, and RTF.
Governance
- Monitor ICS risk profile and posture and report any non-compliance to senior management or governance committees.
- Participate in and represent the respective business / function / region at Risk Committees, ICS working groups, Programme Steering Committees, etc. to provide updates and influence positive outcomes for the Business/Function/Region/Country.
- Validate the accuracy and consistency of KRIs, KCIs and other risk ratings/assessments, as well as process designs using available MI.
- Support the Third-Party Security Assessment team during 3rd party reviews.
- Help design and embed ICS RTF controls in the ORF across the respective business / function / region.
Regulatory & Business Conduct
- Display exemplary conduct and live by the Group's Values, Valued Behaviours, and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.
- Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.
Key stakeholders
- CISO, WRB and Markets
- Region CISO
- Market C-level Management and CIO
- ICS Control owners
Our Ideal Candidate
- Education - Degree in Engineering, Computer Science/Information Technology or its equivalent.
- Training
- Strong knowledge of ICS products and operations will be preferred.
- Ability to articulate gross and residual risk, and in particular to communicate complex technology and process risk clearly, concisely and accurately to non-technical stakeholders.
- Strong interpersonal and stakeholder management skills, across various levels in the organization including senior leadership teams, in influencing key decisions taken in the business and in support teams.
- Strong communication skills – oral, written and presentation. Sound knowledge of MS-Excel, PPT, and Word.
- Must be a self-starter who is able to initiate and successfully drive programs and projects to completion with little or no management supervision.
- Strong analytical skills and ability to prioritise, make decisions, and work to tight timeframes.
- Strong business acumen and deep knowledge and experience in the ICS field.
- Proven ability to lead highly complex, global activities through influence and credibility rather than command and control.
- Ability to both assess strategic priorities and to focus on detailed aspects of a function in order to drive effective delivery.
- Strong integrity, independence, and resilience.
- Certifications
- One or more of the following certifications will be preferred:
- Certified Information Security Manager (CISM)
- Certified Information Systems Sec
Job Details
- Job Location: India
- Company Industry: Other Business Support Services
- Company Type: Unspecified
- Employment Type: Unspecified
- Monthly Salary Range: Unspecified
- Number of Vacancies: Unspecified