Job Description Template

Job Role ID: XXXXXXXX

Job Role Text: AVP/VP – G&RM

Sub-Functional Area Text: Cyber Security Governance, Strategy and Risk Management

Short Text (Maximum 400 characters)

This Job Role addresses the following activities.

• Management of Cyber Security Program for the Group
• Lead the Governance & Risk Management initiatives

Long Text (maximum 4000 characters)

Job Accountabilities (duties and responsibilities)

• Establishing an overall Cyber Security Strategy for the Group in alignment with the overall business and technology strategy and roadmap
• Overseeing Group’s Governance, Risk and Compliance initiatives
• Development and on-going maintenance of Information Security Policies and supported standards
• Devising new processes and help to implement and automate security frameworks and controls throughout our environment.
• Develop new frameworks and maturity models to improve the cyber security posture.
• Responsible for establishing programs to achieve Cyber resilience and Cyber security transformation.
• Driving Risk Reviews and provide security requirements for new initiatives. Where necessary, provide security requirements for new initiatives, perform and document gap analysis against such requirements.
• Drive IT Risk Assessments and Third-party Risk Assessment initiatives. Lead internal team that is responsible for performing and coordinating risk assessments.
• Promote a Cyber Security awareness culture by launching innovative Awareness improvement programs amongst users.
• Drive continuous improvement of our cyber security program by challenging its status quo, identifying areas of cyber risk and improvements, and following industry best practices.
• Develop and maintain a set of performance metrics to measure security control effectiveness and inform strategic decisions.
• Steering the Cyber Security Governance Meetings as per the cadence.
• Advise on GRC matters and recommend courses of action to the Head-Cyber Security.
• Manage and mentor the teams to develop knowledge GRC and other Cyber Security matters.

Skills Required (Knowledge and Skills)

Technical competencies:

• Governance, Risk and Compliance leadership experience in a large enterprise or fast-paced technology-centric enterprises is strongly preferred.
• Demonstrated expertise and leadership in Cyber Risk and Cyber Security programs and frameworks.
• Has deep experience engaging with senior executives and business leaders to navigate cybersecurity risk coupled with business outcomes.
• Experience in Management and Board reporting with attention to detail and focus on outcomes.
• Working knowledge in developing and reviewing Information security policies, practices, standards, and processes.
• Experience in driving benchmarking programs and extensive knowledge of ISO 27001, NIST CSF & PCI-DSS compliance requirements,
• Ability and passion to devise innovative threat modelling-based assessment models.
• Stays abreast of emerging cyber security threats and latest trends in Cyber Security
• Demonstrated capability in identifying areas of improvement as per global best practices.
• Stakeholder management experience with an ability to translate security and technical information into clear business language.

Non-technical competencies:

• Strategic thinker with a dynamic personality and holds an innovative mindset.
• Should be an exceptional leader, colleague, and mentor to the broader organization for which they serve
• Meticulous and methodical approach to documentation
• Excellent verbal and written English
• Experience of working with multi-faceted client base is preferred.
• Ability to work with calm and patience in high pressure situations in a dynamic environment.

Key Attributes (Experience and Qualifications)

• BE/B.Tech/ME/M.Tech/MCA/MS from a reputed/recognized institute
• 12-20 years’ experience in Cyber Security with a strong background of Governance, Risk and Compliance
• At-least 5 years of experience in managing and leading a team in GRC
• Experience in consulting or vendor environment would be an advantage.
• Excellent verbal and written communication skills and customer management skills
• Certifications such as CISM, CRISC, CISA, CISSP is preferred.