Information Security Officer

Job Description

Job Purpose: The Security Architect will be responsible for designing, implementing, and maintaining the overall security posture of the NBFC's IT infrastructure, applications, and data. This role involves developing and enforcing security policies, standards, and procedures to protect the organization from cyber threats, ensuring compliance with regulatory requirements, and safeguarding customer data. The Security Architect will work closely with IT, risk management, and business teams to align security strategies with business objectives. Key Responsibilities: Information Security Strategy Develop and implement an organization-wide information security strategy and vision. Align information security initiatives with business goals and objectives. Stay abreast of emerging threats and technologies to adapt the security strategy accordingly. Meeting and Board Presentation Participate in senior management meetings. Present the security strategy and vision to the board. Present risk and mitigation plans to the risk committee. Risk Management Identify, assess, and prioritize information security risks. Develop and implement risk mitigation strategies. Establish risk management frameworks and policies. Security Policies and Procedures Develop, implement, and enforce information security policies and procedures. Ensure compliance with relevant laws, regulations, and industry standards. Promote security awareness and education throughout the organization. Incident Response and Management Develop and maintain an incident response plan. Lead and coordinate responses to security incidents. Conduct post-incident reviews and implement improvements. Security Architecture Design and implement a robust information security architecture. Evaluate and select security technologies and tools. Ensure the integration of security measures into the organization's IT infrastructure. Security Awareness and Training Develop and implement security awareness programs for employees. Provide training to staff on security policies and best practices. Vendor and Third-Party Risk Management Assess and manage the security risks associated with external vendors and third-party relationships. Ensure that third-party contracts include appropriate security requirements. Compliance Monitor and ensure compliance with relevant data protection and privacy laws. Coordinate with legal and compliance teams to address regulatory requirements. Ensure compliance with relevant regulatory requirements (e.g., RBI guidelines, DPDPA, Cert-In, etc.). Security Audits and Assessments Conduct regular security audits and assessments. Prepare and maintain documentation for audits and regulatory inspections. Ensure the effectiveness of security controls and measures. Security Governance Establish and chair a security governance committee. Report regularly to executive leadership and the board on the state of information security. Budget and Resource Management Develop and manage the information security budget. Allocate resources effectively to support security initiatives. Collaboration and Communication Collaborate with other senior executives to integrate security into overall business strategies. Communicate effectively with stakeholders about the importance of information security. Provide guidance and training to employees on security best practices and awareness.