Ciso - Chennai, India - Saaki Argus & Averil Consulting

Saaki Argus & Averil Consulting

Verified Company

Chennai, India

2 weeks ago

Posted by:

Deepika Kaur

beBee Recuiter

Description

Role:
Chief Information Security Officer (

Job Grade:
VP)

Reporting to:
CRO, CAMS

Location:
Chennai

Compensation:
Negotiable

COMPANY DESCRIPTION About

CAMS:

Computer Age Management Services (CAMS) is the leading Mutual Fund Transfer Agency for Indian Asset Management Companies servicing ~70% of the MF Industry AUM.

The mutual fund business constitutes ~90% of the group's revenue. CAMS is also a technology-enabled service solutions partner to Private Life Insurance, Private Equity Funds, Software development/maintenance, and Payments.

Besides serving as a B2B solutions partner, CAMS brings a unique ability of B2C to perform the end customers through various touch points such as a pan India network of Service centres, Call centres, and Online Services.

The company was incorporated in 1988 and had four backoffice delivery centres in Chennai, a Business Continuity Plan (BCP) site at Coimbatore, and a Pan India network of 270+ customer service centers.

CAMS is a listed company with Warburg Pincus LLC (a leading global private equity firm) and HDFC Group among its shareholders, headquartered in Chennai, India.

SCOPE AND RESPONSIBILITY

ROLES & RESPONSIBILITIES:
As a Chief Information Security Officer, you will establish, maintain, and oversee the information security program across the organization.

You will develop and implement security policies, procedures, standards, and guidelines to protect the company's information assets.

You will identify and mitigate security risks and ensure compliance with relevant regulations and standards.

Develop and maintain the company's information security policies, procedures, standards, and guidelines to ensure the protection of the company's information assets.
Develop, implement, and monitor a strategic enterprise information security and IT risk management program.
Work directly with the business units to facilitate security, technology, and privacy risk management processes.
Oversee the implementation of security controls to protect the company's information systems and networks from unauthorized access, modification, disclosure, destruction, or disruption.

People Practices

Develop, implement, and manage the organization's cybersecurity program.
Develop and manage the company's security incident response plan and ensure it is regularly tested and updated.
Conduct regular security assessments to identify vulnerabilities and risks in the company's information systems and networks and recommend appropriate remediation measures.
Develop and maintain relationships with external security organizations and regulatory bodies to ensure compliance with relevant regulations and standards.
Manage thirdparty vendor relationships from a security, technology, and privacy risks perspective.
Provide regular security awareness training to employees, contractors, and vendors to ensure they know their security responsibilities and best practices.
Develop and manage the information security budget to ensure adequate resources are allocated to support the program.
Provide periodic security dashboards to the management on the effectiveness of the program.

KEY SELECTION CRITERIA

The person should be a go-getter willing to go the extra mile by bringing in Thought Leadership and new age thinking skills.

Education and Experience Requirements:

Master's degree in computer science, information systems, or related field. Master's degree preferred.
At least 20 years of experience in information security, with at least five years in a leadership role.
Strong understanding of security frameworks and standards such as ISO, NIST, and CIS Controls.
Experience with security technologies such as firewalls, intrusion detection and prevention systems, security information and event management (SIEM) systems, and vulnerability management tools.
Experience with cloud security and DevSecOps practices.
Experience with contract reviews to ensure third parties meet security requirements.
Excellent communication and leadership skills, with the ability to collaborate with stakeholders at all levels of the organization.
Relevant security certifications such as CISSP, CISM, CRISC, and CCSP are preferred.

Competencies Required:

Experience in Information Security, Risk Management, and Regulatory Compliance.
Knowledge of Business Operations, Discretion & Trust, Information Technology, Threat Insights, Balancing Compliance, and Risk Orientation.

People Practices KPIs

Percentage of compliance with regulatory requirements.
The number of security incidents detected and resolved within a specific timeframe.
Time to detect and respond to security incidents.
The number of security vulnerabilities identified and remediated on time.
Percentage of employees who have completed security awareness and training programs.
The number of successful phishing simulations to measure the effectiveness of the security awareness.
Percentage of critical assets covered by risk