The candidate shall be responsible for the following:
Information Security Program Leadership:
- a) Align closely with the business objectives and strategy of the company.
- b) Provide advice and support to management and information users in the implementation of Information and Cyber Security Policy.
- c) Manage DPLI-wide information security governance processes, convene the Information Security Committee meetings and lead the Information Security liaisons in the establishment of an information security program and project priorities
- d) Align closely with IT and other functional teams to:
  - a. Monitor implementation of next-generation information security projects / tools / technologies such as identity & access management (network access, privileged access, identity access, single sign-on, MFA, MDM) & data protection (e.g. cryptography, cloud security etc.)
  - b. Resolve & manage security issues that require an in-depth understanding of the IT environment.
- e) Oversee the selection, testing, deployment, and maintenance of security hardware and software products as well as outsourced arrangements
- a) Responsible for all compliance and audits, whether regulatory, internal or external, from the IT side; be a representative at regulator and industry forums.
- b) Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- c) Oversight on compliance with the changing laws and applicable regulations such as PCI, IRDAI, and Cert-FIN.
- d) Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- e) Coordinate with Internal / external auditors, and outside consultants as appropriate on required security assessments and audits.
- a) Perform information security risk assessments with respect to Company's functional security domains as well as 3rd party vendor environments on an ongoing basis and report any significant risks to the ISC / senior management.
- b) Build Information & Cyber Security Risk metrics / dashboards & reports for parameters across various domains.
- c) Manage the Information and Cyber Security policy & standards of the Organization, incorporate feedback on the implications of the policy from the senior management and other business units.
- d) Control & facilitate the identification, response, investigation, remediation and reporting of information security incidents
- e) Manage advanced threat protection & strengthen the cyber incident response framework & capabilities
- f) Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
- g) Examine impacts of new technologies on the organization's overall information security.
BCP and Cyber Crisis Management
- a) Responsible for the BCP program of the company
- b) Ensure Business and IT Resilience goals are met through planning, development and timely review & testing of BCP and DR plans covering people, site, technology and vendor outage scenarios
- c) Ensure high availability, architectural resilience & recoverability requirements are met for applications and IT Infrastructure as per agreed RTO /RPO driven from BIA
- d) Conduct annual BCP Risk Assessment against technology, environmental and geo-political risks and advise senior management on BCP strategies to cover short to long outage scenarios for site / city / country
- e) Maintain and test the cyber crisis management plan to respond to cyber crisis, including threat intelligence services, detection, containment, response, recovery, forensic investigation, root cause analysis.
- f) Conduct periodic scenario-based simulation / tabletop crisis drills to evaluate and validate adequacy of Incident Management and recovery run-books / playbooks for multiple Cyber Risk events and emerging threats. Present the findings to Senior Management and follow up on remediation / corrective actions
- g) DR /BCP KPIs and Compliance Dashboards & Reports via self-service
- a) Promote user awareness initiatives within the organization; develop and maintain IS policy, standards, procedures and guidelines to support the organization's information security program.
- b) Transform the information security program into specific actions which shall include awareness, security infrastructure, security incident response and risk management.
Perks and Benefits: Negotiable
Salary: INR 7,00,000 - 9,00,000 PA.
Desired Candidate Profile
Pramerica Life Insurance Limited
Recruiter Name: Pooja Tiwari
Contact Company: Pramerica Life Insurance Limited