Total Yrs. of Experience
5 Years
Relevant Yrs. of experience
3-5 Years
Detailed JD (Roles and Responsibilities)
Role: Cyber Security Risk Lead
Technology: PKI/DLP/DS/DAM/DP
Location: India
Business Unit: CyberSec
Your role
In the role of Security Risk Management Officer, you will interface with key stakeholders and apply your technical proficiency across different stages of the Security Risk Management lifecycle. You will also support the implementation and strategy of the Security Risk Management framework. The role will also act as a key link on security risk management issues between the functional teams and the wider business to ensure collaborative assessment and management of security risks and issues through their lifecycle. You will be responsible for assessing the impact of new and existing risks whilst striving to ensure the effective implementation of controls for compliance and service assurance. The key activities to be supported include risk and issues assessment and ongoing management, risk reporting and governance, and exceptions management. You will be part of a learning culture, where teamwork and collaboration are encouraged, excellence is rewarded, and diversity is respected and valued.
Required
As part of the Security GRC Team, in the role of Security Risk Officer, the following are the areas of responsibility:
To be an SME in Cyber Security Risk within the Connectivity and Entertainment Business Unit and wider Organisation.
Assist business areas in accurately assessing security risks and defining and agreeing action plans to implement controls to manage these risks.
Assist in the maintenance of the information security risk registers and support continuous improvement and maturation of information security risk management processes.
Contribute to the definition and maintenance of a practical and comprehensive Security Risk Management methodology with supporting tools where appropriate.
Provide advisory support to business functions and IT teams in understanding risk and security considerations of business operations, new projects, and third-party suppliers.
Monitor compliance and progress for agreed controls on a regular basis.
Provide comprehensive Risk Reporting to customers, senior management and Board level.
Develop a thorough understanding of the business's Security Policies and Standards.
Other tasks as directed by security management.
Qualifications and Experience
Familiar with Enterprise/Operations Risk Management methodology and processes.
Experience in a Security Risk management or wider Information Security Governance role in a large commercial organisation (Minimum 2 - 5 years).
Extensive understanding of information security management best practices, including ISO 27001, NIST and legal and regulatory security requirements, including GDPR, Payment Card Industry and Sarbanes-Oxley.
Although not a highly technical role, general knowledge and awareness of cyber and security architecture best practice is required.
Experience of a large, complex, global matrix organisation.
Experience of conducting security risk assessments.
Ideal: educated to degree level or holding a professional qualification (e.g. CRISC, CISSP, CISM, Auditor/Implementer for ISO 27001 or equivalent)
Desirable: Knowledge or experience of the telecoms industry
Mandatory skills
As part of the Security GRC Team, in the role of Security Risk Officer, the following are the areas of responsibility:
To be an SME in Cyber Security Risk within the Connectivity and Entertainment Business Unit and wider Organisation.
Assist business areas in accurately assessing security risks and defining and agreeing action plans to implement controls to manage these risks.
Assist in the maintenance of the information security risk registers and support continuous improvement and maturation of information security risk management processes.
Contribute to the definition and maintenance of a practical and comprehensive Security Risk Management methodology with supporting tools where appropriate.
Provide advisory support to business functions and IT teams in understanding risk and security considerations of business operations, new projects, and third-party suppliers.
Monitor compliance and progress for agreed controls on a regular basis.
Provide comprehensive Risk Reporting to customers, senior management and Board level.
Develop a thorough understanding of the business's Security Policies and Standards.
Other tasks as directed by security management.
Desired/Secondary skills
Besides the professional qualifications of the candidates, we also place great importance on various aspects of the personality profile. These include:
Excellent writing skills with the ability to articulate complex technical issues in a simple, easy-to-understand business context.
Effective verbal communicator to ensure engagement with management across the organisation.
Able to work closely as part of cross-functional and cross-geographical teams, lead discussions, and be confident in making decisions.
The ability to manage and prioritise workload.
Customer and stakeholder focussed with attention to detail and the ability to meet multiple competing deadlines.
Ability to apply pragmatism to complex security problems.
Ability to adapt approach and content to audiences across operational, management, and senior management.