Virtual Chief Information Security Officer - Kochi, India - ValueMentor

ValueMentor

Verified Company

Kochi, India

2 weeks ago

Posted by:

Deepika Kaur

beBee Recuiter

Description

Job Title:
Virtual Chief Information Security Officer (vCISO)

Job Overview:

As a Virtual Chief Information Security Officer (vCISO), you will lead and manage the security operations function of our assigned project/organization.

The role involves overseeing various aspects of security, disaster recovery, security finance management, documentation, compliance, and program onboarding. The As a vCISO is expected to possess a diverse skill set encompassing technical, business, communication, and leadership expertise.

Responsibilities:

Security Operations:

Lead vulnerability risk assessments.
Implement cyber security frameworks, including
NIST 80053, ISO 27002.
Provide oversight on
incident response planning.
Create and maintain security policies and procedures.
Serve as an advisor for Governance, Risk, and Compliance.
Provide leadership in performing regulatory assessments.
Coordinate
Disaster Recovery processes and procedures .

Disaster Recovery:

Develop and implement Disaster Recovery and Business Continuity Plan policies.
Identify and prioritize key assets for the plan.
Schedule and plan periodic exercises of the plan.
Manage disaster recovery exercises and provide feedback to stakeholders.
Document the Disaster Recovery and Business Continuity Plans.
Provide a strategic plan for backup of critical assets and systems.

Security Finance Management:

Conduct asset management reviews.
Quantify the overall value of security initiatives.
Assess the cost of security tools or systems and analyze the return on investment.

Documentation:

Establish a detailed documentation standard and review process.
Contribute to the development and documentation of key cyber security policies.
Maintain a standard approval process for policy reviews.

Compliance:

Provide leadership and guidance on the implementation of regulatory compliance objectives.
Conduct internal assessments and respond to external compliance reviews.
Stay current on regulatory compliance updates related to the organization.
Address standards such as
SOC, PCI, HIPAA, GDPR, or FedRAMP.

Program Onboarding:

Promote the SDLC process in new internal systems and standard onboarding approval.
Ensure thirdparty systems meet security standards and align with business objectives.
Maintain a risk assessment standard for new systems, including penetration testing or vulnerability scans.

Skill Set: