Job Description

JOB DESCRIPTION

Basic Information

Position Title

CISO

Internal Designation

AVP

Job Role

Chief Information Security Officer

Reporting to

Chief Risk Officer

Sub LOB / Department

Risk Management

Location

Mumbai

Total Headcount (Direct) Supervised

2

Total Headcount (Direct / Indirect) Supervised

3

Job Purpose

• The role is responsible for articulating and enforcing policies to protect organization information assets against internal and external threat

Key Responsibilities

Responsibilities

• To identify information security goals/ objectives and also define the scope and boundaries of the information security and cyber security program
• To plan and establish organization-wide Information security Management System (ISMS) in accordance with ISO/IEC 27001 Standard and other relevant security standards
• To ensure all infosec and cyber security framework/ policies are deployed, revised, sustained, and overseen effectively with the objective to comply with regulatory requirements and internal standards
• To ensure resources are prioritized and allocated efficiently for secured protection of organization assets
• To ensure all of the information and cyber security initiatives/programs run smoothly and get the funding they need
• To work closely with functional teams and non-technical leadership to articulate IT security and technical issues in a non-threatening, clear and actionable manner
• Define information security measurement metrics and other key performance indicators and report key risks to RMC/MRC

Specific Authorities( Financial & Non Financial)

• NA

Key Performance Indicators

• Annual infosec review as per plan - 100%
• Compliance to IRDAI requirements - >96%
• No major non conformance with respect to information security implementation

Job Requirements

Qualifications

Preferred MBA with Engineering Background/CA, Risk certifications like FRM/PRM

Experience

More than 10 years of relevant experience

Functional Competencies

• Knowledge of information Security and IT standards (COBIT, ITIL, ISO 27001 etc.)

• Certified Risk Professional (CISA, CISSP, CISM, ISACA etc.)

• Understanding of insurance business / products / regulatory norms

• Conversant with IT Security tools

Behavioral Competencies

• Collaboration

• Business Acumen

• Growth through differentiation

Key Interactions

Internal

Nature or purpose of interaction

• IT and other functions

• To work closely with IT and business stakeholder for infosec compliance

External

Nature or purpose of interaction

Group Infosec

• To understand infosec practice in other SBUs for benchmarking and also time to time engagement on security tools, best practices

Regulator

• To understand amendments to existing guidelines and response for its implementation

Documented By

Approved By

CRO

HR certification By

HR-BP

MI 10 HUMAN RESOURCES