CISO - Tata Housing

To manage and oversee the information security of TCHFL, inclusion its systems and data. Assure that information created, acquired or maintained by TCHFL and its authorized users, is in accordance with its intended purpose and complies with statutory and regulatory requirements regarding information access, security and privacy in order to protect TCHFL’s information and its infrastructure from external and internal threats.

Main Accountabilities

Information Security Framework

·         Develop, update and drive the policies, processes, systems, guidelines & best practices related to information security to protect TCHFL’s sensitive information and assets.

·         Establish & monitor the governance structure for data storage, usage & access control.

·         Establish and communicate organizational cybersecurity policy.

·         Developing information security roadmaps, business cases and reviewing remediation plans

Risk Management

·         Conduct regular risk assessments to identify potential security threats and vulnerabilities and develop strategies to mitigate these risks.

·         Support in performing information security risk assessments for all new projects/ business initiatives and prepare risk report for stakeholders involved to ensure that those are taken into consideration during implementation.

·         Ensure compliance with relevant laws, regulations, and industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR).

·         Develop processes and frameworks to measure information security compliance level of the organization to ensure all external and internal policies are adhered to

Incident Reporting and Response System

·         Develop an information security incident monitoring and reporting system to continuously monitor information security breaches, policy violations or complaints from external and internal parties.

·         Lead incident response efforts in the event of a security breach, and work with law enforcement and other relevant organizations to investigate and resolve the incident.

·         Investigate potential privacy incidents, complaints or breaches, including notifications to authorities and other resolution efforts.

·         Conduct internal line of duty investigations and analyse the findings of investigations and recommend incorporation of suitable changes in the action plans and policies/ systems

Team Management

·         Provide guidance for the development of L&D programs to enhance capabilities/ bridge identified gaps of employees in team

·         Develop career development and succession plans for critical positions and roles within team

·         Participate in selection process to identify the right talent for senior positions within the team