About The Company
Tata Communications Redefines Connectivity with Innovation and Intelligence
Driving the next level of intelligence powered by Cloud, Mobility, Internet of Things, Collaboration, Security, Media services and Network services, we at Tata Communications are envisaging a New World of Communications.

Establish comprehensive security and data privacy risk lifecycle mgmt. charter and adoption of security risk framework across the organisation
Establish 2nd line of defence for independent validation and assurance of organisation's security posture and risk exposure
Continuous assessment of security and data privacy risks across technology environment and business processes
Recommend and execute strategic risk reduction and mitigation plan in collaboration with business stakeholders
Govern security and data privacy risk posture providing assurance to maintain risk exposure under pre-defined acceptable thresholds
Establish, drive adoption, govern adherence of security policies, maintain regulatory compliance assurance across organisation, supporting audits and industry certifications
Collaboration with business stakeholders and executive leadership on risk awareness and risk mgmt. practices and shift-left for security risk decisions

Cyber Risk Impact - Recommend, influence and facilitate decisions that directly affect organizational cyber resilience, regulatory compliance, and business continuity, which requires senior-level judgment and accountability
Cross Functional Governance - Interface with BU Heads, GMC members, Executive leadership and Risk committee on the matter of security and data privacy risk decisions and assurance
Regulatory & Strategic Complexity - Manage cyber security risk for global jurisdictions with ability to interpret and apply regulations strategically
Agility for Business - Operate with a lean team while maintaining execution oversight, demonstrating leadership as well as execution guidance for middle management and operations teams
Accountability - Ensure that risk accountability remains integrated into business and technology decisions, providing necessary leadership in risk governance forums
Decision Authority - The role spans technology, operations and business functions to maintain risk posture, enforce risk acceptance/rejection and sign-off on residual risk exposure for business initiatives

Strong critical and analytical thinking with quantitative cyber risk analysis and modelling capability
Knowledge of cyber risks and business impact assessment techniques and frameworks
Regulatory compliance cybersecurity controls analysis and interpretation for technology and business processes
Expertise to align cyber risk decisions with business priorities
Ability to perform with cross-functional engagement and influencing senior stakeholders
Familiarity with AI security governance, data privacy risk mgmt., and evolving technology practices

Develop and maintain Cyber Risk Framework integrated with ERM
Align security controls with business criticality and regulatory requirements
Conduct periodic technology risk assessments for controls effectiveness across infrastructure, networks, applications, cloud, and identity across enterprise and BU products
Lead threat modelling and control design reviews for new technology, AI and business initiatives, merger and technology partnerships
Maintain Cyber Risk Register with quantitative risk scores such as FAIR or CVSS
Evaluate third-party and supply chain risks including SaaS, cloud and technology service partners
Establish cyber risk appetite and key risk indicators (KRIs) linked to business tolerance levels
Govern implementation of baseline security controls (e.g. CIS, NIST, ISO) across technology environment and business processes
Conduct periodic control assurance reviews and validate effectiveness of compensating security and data privacy controls
Manage regulatory compliance mapping – ISO 27001, SOC 2, Global Telecom and Data Privacy regulations
Oversee risk-based audit readiness and support IA and regulatory audits
Maintain risk mitigation plans and ensure timely closure of non-compliance or audit gaps
Develop and maintain cyber risk dashboards and recommended risk posture improvement plans for BU, CISO, CRO, and Board committees
Conduct cyber risk workshops and tabletop simulations with BU leadership for actionable risk insights
Provide executive insights on risk trends, threat landscape, and cyber resilience
Lead post-incident risk assessment, lessons learned reviews and CAPA
Workflow automation for Risk tracking and issue remediation