The Head of Information Security needs to be a thought leader in the area of information and payment security. Reporting to the Head of Risk, this role will be responsible for establishing strategy and for implementing and monitoring information security standards and policies within the organisation.
Lead the Information Security function, which ensures the validity and complete security of information coming into, flowing through, and out of the organization and its payment applications.
Build sound business leadership across the enterprise to enable a strong understanding and close alignment with business needs, direction, and risk appetite. Should be able to add business value and enable business
Ensure that information security and payment-related risks are adequately represented on relevant business and governance forums
Ensure the information security strategy enforces applicable local and regional regulatory requirements, and assess any new requirement that may be needed as a result of emerging regulations, with the support of Regulatory and Compliance teams.
Develop, coordinate, publish, and maintain the information security policies, standards, baselines and procedures based on the set of security policies and guidelines, as agreed by the business heads, so as to meet the company's legal and regulatory obligations.
Ensure that all the applications/systems and the information security program are in compliance with applicable laws, regulations and guidelines (such as RBI mandated or PCI DSS mandated or others as required)
Drive and maintain information security management system to identify, quantify, catalogue, and remedy information risk across the enterprise, escalating where necessary.
Ensure that there is a robust due diligence process that ensures information security requirements are adequately addressed in technology projects undertaken by or on behalf of the organization
Develop and maintain an effective information security and payment security architectural approach, ensuring that the approach is implemented in accordance with appropriate standards.
Oversee the close management and analysis of security information and events. Ensure processes are in place to respond to security incidents.
Manage information security incidents and events that impact the organization or its customers, in close cooperation and coordination with the teams responsible for crisis management and security incident response, as well as with the organization's senior management team.
Develop, coordinate, publish, and maintain suitable procedures for handling cases of confidential information mismanagement, taking into account national legislation
Lead programs and processes to monitor the emergence of new threats and vulnerabilities, assessing impacts and driving responses as appropriate.
Ensure that information security awareness and training initiatives are implemented, and that the training meets the regulatory obligations
Proven experience with current IT security and payment security technologies
Manage the creation and production of timely, accurate, and informative business and Information Security Metrics relating to Information risks.
Oversee the security due diligence process on IT and information security issues for all service providers and vendors
Demonstrate a consultative approach to driving change and deploying controls
Knowledge of technological trends and developments in the area of information security and payment security/risk management.