This role will focus on assessing the effectiveness of our cybersecurity programs and governance frameworks, with a particular emphasis on Application Security, ISO 27001 compliance, and a strong understanding of key cybersecurity frameworks. The ideal candidate will have a comprehensive understanding of both technical security measures and governance practices, enabling them to perform critical risk assessments, ensure regulatory compliance, and enhance our organization's security posture.
#### Job Context & Major Challenges
Aditya Birla Fashion and Retail Ltd. (ABFRL) emerged after the consolidation of the branded apparel businesses of Aditya Birla Group, comprising ABNL's Madura Fashion division and ABNL's subsidiaries Pantaloons Fashion and Retail (PFRL) and Madura Fashion & Lifestyle (MFL), in May 2015. Post-consolidation, PFRL was renamed Aditya Birla Fashion and Retail Ltd.
Aditya Birla Fashion and Retail Limited (ABFRL) is India's first pure-play fashion powerhouse with an elegant bouquet of leading fashion brands and retail formats. The Company has a network of 4,190 stores across approximately 37,352 multi-brand outlets with 9,466 points of sales in department stores across India (as on 30 Jun 2024).
ABFRL's Madura Fashion & Lifestyle Brands are home to some of India's most loved brands--Louis Philippe, Van Heusen, Allen Solly, Peter England, Reebok, Forever 21, Simon Carter, and American Eagle--that cater to India's premium consumers. With their signature styles, high-quality products and differentiated in-store experience, these brands have garnered immense customer loyalty and recall.
As a playground for fashion, Pantaloons offers a wide variety of styles across categories and occasions. The brand speaks to the ever-evolving millennial customer of today who is confident and expressive. Be it through the physical retail experience or online, the Pantaloons experience is exciting, friendly, and uplifting. With a vibrant, expressive, and fun-loving approach to style, the brand seeks to enable the customer to be their fashionable best.
ABFRL caters to the contemporary customer who is aware of international trends. Our international business includes 'The Collective', India's largest international multi-brand retailer, and select brands such as Ralph Lauren, Hackett London, Ted Baker and Fred Perry.
Van Heusen Innerwear, Athleisure and Active wear, launched in 2016, is establishing itself as India's most innovative and fashion-forward brand, aiming to redefine the category codes in the mid-premium segment.
In addition, to cater to the needs of digitally native consumers, ABFRL is building a portfolio of digital-first brands under its technology-led 'House of D2C Brands' venture, TMRW.
The Company's foray into the branded ethnic wear business includes brands such as Sabyasachi, 'S&N' by Shantnu & Nikhil, Tasva, House of Masaba, Jaypore, and Marigold Lane. The Company has strategic partnerships with designers 'Sabyasachi', 'Shantanu & Nikhil', 'Tarun Tahiliani' and 'Masaba Gupta'. Each represents a harmonious blend of traditional elegance and contemporary style, reflecting India's rich heritage and craftsmanship. This division is committed to delivering exceptional quality and unique designs, meeting the aspirations of ethnic wear connoisseurs.
Job context:

- In-depth knowledge of ISO 27001 standards, with hands-on experience in ISMS implementation and audits.
- Familiarity with other cybersecurity frameworks such as NIST CSF, CIS, SOC 2, and GDPR compliance.
- Experience in application security, including secure coding practices, code reviews, and penetration testing for web and mobile applications.
- Strong understanding of security tools, vulnerability assessment, risk management, and threat modeling methodologies.
- Knowledge of cloud security best practices (AWS, Azure, GCP) and secure cloud application deployments.
- Strong analytical and problem-solving skills, with the ability to communicate complex technical issues clearly to non-technical stakeholders.
- Professional certifications such as CISSP, CISA, ISO 27001 Lead Implementer/Lead Auditor, Certified Ethical Hacker (CEH), or similar are preferred.
#### Key Result Areas
KRA (Accountabilities) and Supporting Actions

KRA1: Training & Awareness

- Conduct security awareness training for internal teams on application security, data protection, and regulatory compliance.
- Promote cybersecurity awareness across the organization and collaborate with key stakeholders to ensure adherence to security policies.

KRA2: Application Security

- Work closely with development teams to ensure security best practices are integrated into the software development lifecycle (SDLC), with an emphasis on application security (e.g., secure coding practices, code reviews, security testing).
- Perform security reviews of applications, identifying and mitigating security vulnerabilities such as OWASP Top 10 risks.
- Collaborate with the application development team to provide guidance on secure software design and implementation.
- Evaluate third-party application security risks and collaborate with vendors on mitigating identified vulnerabilities.

KRA3: Governance & Compliance

- Lead the development, implementation, and maintenance of ISO 27001-based Information Security Management System (ISMS) to ensure compliance with industry standards and regulatory requirements.
- Coordinate and assist in ISO 27001 audits, prepare documentation, and ensure continual improvement of the ISMS.
- Oversee compliance with various cybersecurity frameworks (e.g., NIST, CIS, SOC 2, etc.) to align with best practices and industry standards.
- Create and maintain policies, procedures, and documentation related to cybersecurity governance and compliance.
- Support the creation of audit reports, risk assessments, and mitigation strategies.

KRA4: Cybersecurity Assessment & Risk Management

- Perform cybersecurity assessments, focusing on identifying risks, vulnerabilities, and gaps in the security posture, especially in applications.
- Develop and execute comprehensive security assessments, including penetration testing, vulnerability assessments, and threat modelling.
- Conduct regular risk assessments to evaluate the effectiveness of cybersecurity controls and compliance with internal and external standards.
- Analyze and assess risks in applications, including web, mobile, and cloud-based applications.
- Qualifications: Under Graduate
- Minimum Experience Level: 5-10 Years
- Report to: Assistant Vice President

Beware of fraud agents! Do not pay money to get a job.
MNCJobsIndia.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.

Job Detail

- Job Id: JD3614855
- Industry: Not mentioned
- Total Positions: 1
- Job Type: Full Time
- Salary: Not mentioned
- Employment Status: Permanent
- Job Location: MH, IN, India
- Education: Not mentioned
- Experience: Year