Senior Manager – Information Security Officer

8 - 13 Years

Job Description

Designation : Senior Manager - Information Security Officer
Location : Gurgaon- HO
Department : Information Security

Position Summary

The Information Security Officer shall be a senior-level executive entrusted to drive the overall Information & Cyber Security agenda of the Company in accordance with the established policies and procedures, and to implement the information security programme through various initiatives by working closely with various stakeholders, including external entities such as vendors / third parties, and provide periodic updates to the Information Security Committee / senior management. This position shall also be responsible for managing the BCP and Crisis Management program of the company. This position shall report to the Chief Risk Officer.

Key Responsibilities

Information Security Program Leadership
Lead the Company's information security program.
Provide advice and support to management and information users in the implementation of Information and Cyber Security Policy.
Manage DPLI-wide information security governance processes, convene the Information Security Committee meetings and lead the Information Security liaisons in the establishment of an information security program and project priorities

Work closely with IT and other functional teams to:

o Monitor implementation of information security projects / tools / technologies of next generation such as but not limited to identity & access management (Network access, Privilege access, identity access, single sign-on, MFA, MDM) & Data protection (e.g. cryptography, cloud security etc.)
o Resolve & manage security issues that require an in-depth understanding of the IT environment.
Oversee the selection, testing, deployment, and maintenance of security hardware and software products as well as outsourced arrangements

Policy, Compliance and Audit

Drive successful completion of Internal /External audits in the areas of Information & Cyber security
Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
Oversight on compliance with the changing laws and applicable regulations such as PCI, IRDAI, and Cert-FIN.
Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
Coordinate with Internal / external auditors, and outside consultants as appropriate on required security assessments and audits.

Risk Management and Incident Response

Perform information security risk assessments with respect to the Company's functional security domains as well as 3rd party vendor environments on an ongoing basis and report any significant risks to the ISC / senior management.
Building Information & Cyber Security Risk metrics / dashboards & reports for parameters across various domains.
Manage the Information and Cyber Security policy & standards of the Organization, incorporate feedback on the implications of the policy from the senior management and other business units.
Control & facilitate the identification, response, investigation, remediation and reporting of information security incidents
Manage advanced threat protection and strengthen the cyber incident response framework & capabilities
Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
Examine impacts of new technologies on the organization's overall information security.

BCP and Crisis Management

Responsible for the BCP program of the company
Ensure Business and IT Resilience goals are met through planning, development and timely review & testing of BCP and DR plans covering people, site, technology and vendor outage scenarios
Ensure high availability, architectural resilience & recoverability requirements are met for applications and IT Infrastructure as per agreed RTO /RPO driven from BIA
Conduct annual BCP Risk Assessment against technology, environmental and geo-political risks and advise senior management on BCP strategies to cover short to long outage scenarios for site/city/country
Govern planning, execution and reporting of BCP/DR drills, i.e. IT resilience & application failover/DR tests, site outage & surprise remote working tests, call tree tests and table top exercises to meet regulatory and BCM policy requirements.
Lead Crisis Management team to respond to cyber crisis, environment disruptions & BC incidents affecting availability of people, IT infrastructure and facilities. Ensure timely and regular updates to business and senior stakeholders
Conduct periodic scenario-based simulation /table top crisis drills to evaluate and validate adequacy of Incident Management and recovery run-books/playbooks for multiple Cyber Risk events and emerging threats. Present the findings to Senior Management and follow-up on remediation /corrective actions
DR /BCP KPIs and Compliance Dashboards & Reports via self-service

Outreach, Education and Training

Promote user awareness initiatives within the organization; develop and maintain IS policy, standards, procedures and guidelines to support the organization's information security program.

Transform the information security program into specific actions which shall include awareness, security infrastructure, security incident response and risk management.
Create education and awareness programs and advise business units at all levels on security issues and best practices.

Qualification and experience:

Graduate/Post Graduate in CS/IT, CISA.
SABSA, CISSP, OSCP shall be preferred

Key functional competency:

Sound knowledge of regulatory guidelines, legislations, statutory requirements and its application within the Company.
Good understanding of the information security principles, policies, practices and implementation of next generation technologies
Understanding of the nature of threats and risks to the Company's information assets
Ability to correlate information security issues & mitigation plans with the Company's overall strategy

Key personal competency:

Candidate should have good project management skills and written and oral communication skills
Candidate shall have the ability to collaborate with functional teams and work closely on information security initiatives

Salary: INR 17,00,000 - 25,00,000 P.A.


Functional Area: IT Software - Network Administration, Security

Role Category: Admin/Maintenance/Security/Datawarehousing

Role: System Security

Employment Type: Permanent Job, Full Time


Desired Candidate Profile

Please refer to the Job description above


UG: B.Tech/B.E. - Any Specialization

Company Profile

DHFL Pramerica Life Insurance Company

DLF Pramerica Life Insurance Company Ltd. (DPLI) is a joint venture between DLF Limited and Prudential International Insurance Holdings, Ltd. (referred to hereafter as 'PIIH'). PIIH is a fully owned subsidiary of Prudential Financial, Inc. (referred to hereafter as 'PFI').
The combination of the strength of the DLF brand and PFI's insurance expertise provides the strongest possible foundations for DPLI to succeed in the rapidly growing Indian life insurance market.

Recruiter Name: Shivani

Contact Company: DHFL Pramerica Life Insurance Company