Asst Vice President- Information Security (IS) & Information Technology (IT) Governance Mahape Navi Mumbai

1 Nos.
82811
Full Time
12.0 Year(s) To 15.0 Year(s)
28.00 LPA TO 30.00 LPA
IT Infrastructure & IT Security / Support
Banking/Financial Services
Job Description:

As a Senior Manager/AVP of IS & IT Governance, you will play a pivotal role in ensuring the effective governance, risk management, and compliance of the organization's information security and technology infrastructure. You will lead efforts to establish and maintain robust IT governance frameworks, policies, and procedures, ensuring alignment with industry best practices and regulatory requirements.

Roles & Responsibilities:

  1. Governance Framework:

-       Develop and implement comprehensive IS & IT governance frameworks to guide decision-making processes.

-       Help drive governance activities across the organization's technology estate. Key areas of focus would be Change Management, Vulnerability & Patch Management, Obsolescence, Asset Management, BCP-DR, Training awareness, TPRA, timely response to advisories, compliance with RBI advisories/guidelines, etc.

-       Ensure alignment with organizational objectives, industry standards, and regulatory requirements. (Example: RBI, SEBI, CERT-IN, etc.)

 

  2. Policy Development:

-       Formulate and enforce IT policies and procedures - covering areas such as information security, cyber security, data privacy & security controls, data classification, BCP-DR and IT Risk Management etc.

-       Regularly review and update policies/procedures to address emerging threats and technology trends.

 

  3. Risk Management:

-       Lead risk assessments to identify and evaluate IT-related risks.

-       Assist the information security function in developing and maintaining the security and risk management program, including risk analysis process.

-       Implement risk mitigation strategies and monitor the effectiveness of risk controls.

-       Present a dashboard to management on a periodic basis.

-       Review and track IT & IS risks and exceptions and present them to management.

  4. Compliance Assurance:

-       Ensure compliance with relevant laws, regulations, and industry standards, and stay updated on new and changed compliance requirements. Ensure the required compliance within the IT team.

-       Collaborate with business, legal and compliance teams to address regulatory requirements.

  5. Audit and Assurance:

-       Coordinate with internal, external and RBI auditors on IS & IT requirements.

-       Ensure timely submission of artefacts/evidence as per requirements.

-       Track, report on and ensure compliance with observations/gaps raised by the auditors.

  6. Security Oversight:

-       Provide oversight for information security programs and initiatives.

-       Participate in the implementation of all relevant projects and initiatives of the organization.

-       Coordinate and work with the Security Team, IT team and business stakeholders on Information Security and Governance related activities, such as defining and updating metrics as and when required, implementing and enhancing security measures/controls, generating a maturity score in line with metrics, reporting strategies, following up on actionables, etc., that effectively communicate the successes and progress of the security program.

  7. Vendor Risk Management:

-       Review and update 3rd party audit checklists (on-boarding & off-boarding) based on regulatory requirements (RBI Circulars/Guidelines, CERT-In), industry events, audit recommendations, process changes, etc., ensuring holistic coverage is factored in.

-       Establish and enforce standards for 3rd party vendor risk management.

-       Ensure master inventory of the critical vendors, data exchange flow, mechanism and any dependencies are thoroughly documented.

-       Review the agreements with various 3rd party vendors and ensure their compliance with IT & IS and Data Security Controls, in line with regulatory guidelines.

-       Evaluate and monitor the security posture of external partners / vendors.

-       Ensure necessary documentation is in-line with regulatory requirements and industry best practices.

 

  8. Training and Awareness:

-       Develop and deliver training programs to enhance IS & IT governance awareness across the organization.

-       Foster a culture of cybersecurity and compliance among staff.

 

  9. Incident Response Planning & Response:

-       Develop and maintain incident response plans to address cybersecurity incidents promptly and effectively.

-       Conduct regular mock drills to test the organization's readiness.

-       Regulatory reporting and analysis.

 

  10. Performance Metrics:

-       Define and track key performance indicators (KPIs) for IS & IT function.

-       Generate/Define reports for Senior Management on the effectiveness of governance controls.

 

  11. Management Presentation:

-       Liaise with various internal stakeholders to prepare decks for various Board level committees.

-       Present to HDBFS Senior Management and various Board level committees.

-       Document the key points and minutes of the various committee meetings.

-       Track actionable items from the various committees of the organisation and ensure compliance/logical closure for the same.

Company Profile

A leading Non-Banking --- Company (NBFC) that caters to the growing needs of an Aspirational India, serving both Individual & Business Clients. Incorporated
