vistaar financial services pvt ltd

Vistaar Financial Services - Chief Information Security Officer

This job is no longer accepting applications

  • Posted 25 days ago

Job Description

Job Purpose

The Chief Information Security Officer (CISO) is responsible for coordinating locally the application of group cyber security policies and standards, in line with local regulation, with the ultimate goal of protecting business functions, systems and data.

The CISO is responsible for implementing, enhancing and overseeing the information security framework locally with strong synchronization with regional Cybersecurity experts.

Responsibilities

The CISO will be directly responsible for cybersecurity for India Securities, and provide support as needed for the Responsibilities Security Strategy :

  • Develop and implement an organization-wide information security strategy and vision.
  • Align information security initiatives with business goals and objectives.
  • Stay abreast of emerging threats and technologies to adapt the security strategy and Board Presentation :
  • Participate in a senior management meeting
  • Present to board on security strategy and vision.
  • Present to the risk committee on risk and mitigation plan.

Risk Management

  • Identify, assess, and prioritize information security risks.
  • Develop and implement risk mitigation strategies.
  • Establish risk management frameworks and Policies and Procedures :
  • Develop, implement, and enforce information security policies and procedures
  • Ensure compliance with relevant laws, regulations, and industry standards
  • Promote security awareness and education throughout the Response and Management :
  • Develop and maintain an incident response plan.
  • Lead and coordinate responses to security incidents
  • Conduct post-incident reviews and implement Architecture :
  • Design and implement a robust information security architecture
  • Evaluate and select security technologies and tools
  • Ensure the integration of security measures into the organization's IT Awareness and Training :
  • Develop and implement security awareness programs for employees
  • Provide training to staff on security policies and best and Third-Party Risk Management :
  • Assess and manage the security risks associated with external vendors and third-party relationships
  • Ensure that third-party contracts include appropriate security :
  • Monitor and ensure compliance with relevant data protection and privacy laws.
  • Coordinate with legal and compliance teams to address regulatory Audits and Assessments :
  • Conduct regular security audits and assessments
  • Ensure the effectiveness of security controls and Governance :
  • Establish and chair a security governance committee
  • Report regularly to executive leadership and the board on the state of information and Resource Management :
  • Develop and manage the information security budget
  • Allocate resources effectively to support security and Communication :
  • Collaborate with other senior executives to integrate security into overall business strategies
  • Communicate effectively with stakeholders about the importance of information Requirements :

A Bachelor's degree in Computer Science, Information Technology, Cybersecurity. Knowledge / certification on the Digital Personal Data Protection (DPDP) Act, 2023 of India and the regulatory expectations around it as applicable to RBI Regulated Entities (REs) such as banks, NBFCs, fintechs, payment system operators,

  • 5+ years of experience Competencies :
  • Solid understanding of information security concepts, frameworks, standards and best practices, strong understanding of IT infrastructure and IT applicative framework architectures.
  • Proven ability to interact with regulators and other external parties on information security matters,
  • Knowledge and understanding of the cyber threat landscape and the cyber threat intelligence lifecycle, as well as the tools, methods, and frameworks for cyber threat intelligence collection, analysis and dissemination
  • Familiarity with the cyber threat actors, TTPs, and challenges specific to the India region, as well as the regulatory and legal requirements and standards for cybersecurity and data protection in the Competencies :
  • Strong partner orientation - strive to satisfy board members / clients / internal partners while taking into account risks for the company. Ability to communicate clear vision and strategy.
  • Risk awareness and a constant drive to identify new risks, with the ability to put forward convictions and make decisions with courage.
  • Communication and Presentation Skills, continuous learning, collaboration, resilience, problem solving and Leadership.
  • Understanding and alignment to NBFC and BFSI Interactions :
  • Nature or purpose of All Branch Employees
  • Functional requirement for compliance related issues.
  • HO Functional employees ( Work relating to hiring, training, technology related points, Operations related :
  • Nature or purpose of Board of Directors
  • For reporting as :
  • Functional work as applicable

(ref:hirist.tech)

Job ID: 147522143