About the job
Role Description: IS Security
The Head of Information Security is responsible for establishing and maintaining a groupwide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and that aligns with and supports the enterprise risk management program.
This position requires an individual with sound knowledge of business management and hands-on experience in various aspects of information security. The Head of Information Security will proactively work with all business units of IFFCO and Corporate to implement practices that meet defined policies and standards for information security. He/She is responsible for overseeing IT security operational activities across the Group. The Head of Information Security is also responsible for implementing and governing IT General Controls across the IFFCO group.
The role reports to the Director – Infrastructure & Security.
Role Details – Key Responsibilities and Accountabilities:
The Head of Information Security role encompasses a range of responsibilities, including strategic, tactical and operational activities in support of the overall organization's strategy.
- Information Security Strategy, Planning and Governance
- Information Security Risk and Control Management
- Information Security Projects execution
- Information Security Operations Management (SOC)
- Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
- Develop, maintain and publish up-to-date information security policies, standards and
- Oversee the approval, training, and dissemination of security policies and practices.
- Liaise with the Infrastructure and Application teams to ensure alignment between the security and enterprise IT application’s architecture, thus coordinating the strategic planning implicit in these architectures.
- Design IT General Controls and implement them across the IFFCO group. Experience with SAP and SAI GRC is an added advantage.
- Create and manage information security and cyber risk management awareness training programs for all employees, contractors and approved system users.
- Develop a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security program.
- Provide regular reporting on the current status of the information security program and ITGC controls to enterprise risk teams and senior business leaders.
- Conduct third-party risk assessments of IT vendors and products, and issue security schedules.
- Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
- Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
- Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
- Provide strategic cyber risk guidance for technology projects, including the evaluation and recommendation of technical controls.
- Liaise among the information security team and corporate compliance, audit, legal and human capital teams as required.
- Manage security incidents and events to protect corporate technology assets, including intellectual property, regulated data and the company’s reputation.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
- Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
- Develop and oversee effective disaster recovery policies and standards that align with the enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security incident. Provide direction, support and in-house consulting in these areas.
- Mentor and coach direct reports, ensuring success in their current roles and readiness for new roles within the information security function.
- Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in technology operations or managed service providers). This includes hiring, training, staff development, performance management and annual performance reviews.
- Develop self and others within the function through mentoring, training and engagement in talent development activities.
Technical Skills Required
- Cloud security experience – Azure security certifications are an added advantage.
- SOC/Security Incident Management experience – CISM or a similar certification is an added advantage.
- Network security experience – firewalls, IPS, log analysis.
- Data security experience – AIP, CASB, DLP, Intune, etc.
- Preventive/detective security tools – SIEM, XDR, EDR, etc.
- Experienced in handling internal and external audits and IT General Controls.
- A minimum of 12 years of professional IT risk and security related experience.
- Expertise and experience in implementing and monitoring information security controls, practices and technology at multiple levels of an organization, and in cascading them and planning training sessions as and when needed.
Posted on Sep 12, 2023.