Head IT Security

  • Navi Mumbai
  • 30-45 lakh
  • 12-17 years
  • 23 Feb 2015

  • Senior Management-Technology

  • IT/ Technology - Security
Job Description

Domain Experience:

Experience in banking, commerce and/or payments
Operations experience in an e-commerce, digital marketing, or mobile payments environment

Functional Knowledge: Fraud Management

Expert understanding of potential technology risk issues in a payments organization and digital environments
Experience with regulatory requirements of MAS, HKMA, FSC, BI, and RBI

Ability to manage and influence key IT stakeholders at various levels within the organization, and to advise them on pragmatic approaches to risk reduction
Strong communication skills

Technical Skills:

Relevant industry qualifications: CISM/CISA/CISSP, CRISC, PMP, CBCP
In-depth knowledge of and experience with Technology Risk Management, IT Governance and Information Security management frameworks: COSO ERM, COBIT, Risk IT Framework, ISO 31000, ISO 2700x
Ability to direct teams in analysing processes and technology for potential fraud

Position Summary
Lead the Information Security Guidelines, which ensure the validity and complete security of information coming into, flowing through, and going out of the organization

Role Description
Ensure the information security strategy enforces applicable local and regional regulatory requirements, and assess any new requirement that may be needed as a result of emerging regulations, with the support of Regulatory and Compliance teams.
Oversee the security due diligence process on IT and information security issues for all service providers and vendors
Develop, coordinate, publish, and maintain suitable procedures for handling cases of confidential information mismanagement, taking into account national legislation
Develop, coordinate, publish, and maintain the information security policies, standards, baselines and procedures based on the set of security policies and guidelines, as agreed by the business heads, so as to meet the company's legal and regulatory obligations
Ensure that there is a robust due diligence process that ensures information security requirements are adequately addressed in technology projects undertaken by or on behalf of the organization
Manage information security incidents and events that impact the organization or its customers, in close cooperation and coordination with the global teams responsible for crisis management and security incident response, as well as with the organization's senior management team
Ensure that information security awareness and training initiatives are implemented, and that the training meets the regulatory obligations

Supervisory responsibilities
Teams reporting to the Head Security would include separate specialists focused on information security of the product/application, real-time transaction/data security and hardware security
Department size: Approximately 2-3 professionals