IT Information Security Manager

India, Delhi, Delhi

₹ 10 - 15 Lakh/year

Full-time

Posted on: 6 days ago

Skills

IT Security

Key Responsibilities

• Develop and maintain the technology and information security risk management frameworks, policies, and standards, in alignment with the RBI regulations and the company's business objectives and risk appetite.

• Establish and oversee the technology and information security risk governance structure, processes, and committees, ensuring effective coordination and communication among the relevant stakeholders.

• Conduct and facilitate regular technology and information security risk assessments, audits, and reviews, identifying and evaluating the current and emerging risks, and recommending appropriate mitigation strategies and action plans.

• Monitor and report on the technology and information security risk profile, performance, and compliance, using relevant metrics, indicators, and dashboards, and escalating any issues or incidents to senior management and regulators as required.

• Provide guidance and support to the business units and functions on the implementation of and adherence to the technology and information security risk management frameworks, policies, and standards, as well as the resolution of any risk issues or gaps.

• Take an active part in operational security, applying his/her technical skills.

• Contribute to the Information Security Awareness program through workshops and simulation activities.

• Manage and develop the technology and information security risk governance team, ensuring adequate resources, skills, and competencies.

• Keep abreast of the latest developments and trends in technology and information security risk management and provide thought leadership and best practices to the organization.

Education Qualification(s)

• B.E./B.Tech in computer science, information technology, or a related field

Relevant Skills & Experience

• A bachelor's engineering degree in computer science, engineering, information systems, or a related field.

• A minimum of 7 years of experience in technology and information security risk management, preferably in the financial sector.

• Should have certifications like CISA, CISM, CRISC, CISSP, ISO 27001:2013/2022 Lead Auditor/Implementer, or equivalent.

• Technical skills in DLP, MDM/MAM, AntiVirus, Patch Management, Vulnerability Assessment and Penetration Testing will be an added advantage.

• A strong knowledge of RBI regulations and guidelines on technology and information security risk management, as well as other relevant industry standards and best practices.

• A proven track record of leading and managing technology and information security risk governance projects and initiatives, including risk assessment, mitigation, reporting, and auditing.

• A high level of analytical, problem-solving, and communication skills, with the ability to present complex technical and risk issues to senior management and stakeholders.

• A team player with strong leadership, collaboration, and interpersonal skills, with the ability to influence and drive change across the organization.

• Strong communication skills.