Job
Description
11.1 Risk Management 11.1.1 Lead the identification, assessment, analysis, treatment and management of security risks across the organization and its subsidiaries. 11.1.2 Facilitate smooth conduct of Risk Assessment on different levels and functional verticals of the organization and subsidiaries. 11.1.3 Collaborate with cross-functional teams to mitigate risk, develop risk treatment plans, and monitor effectiveness of implemented controls and counter measures 11.1.4 Perform periodic risk reviews, define, establish and monitor key performance and risk indicators across subsidiaries to strengthen their information security posture. 11.1.5 Report key risks and status of mitigation measures to leadership on a frequent basis. 11.1.6 Lead the supplier information security risk assurance process for subsidiaries, which involves: Maintain an inventory of suppliers to be covered under Information security risk assurance process. Categorize and prioritize the supplier’s basis the nature of service provided, level of access to Infosys/client information, network. Due diligence: Assess the supplier’s information security posture to identify the relevant risks from the engagement. Ensure that supplier contracts include Information security specific clauses like Confidentiality, Incident reporting, right to audit etc. On-going monitoring of supplier controls with the help of metrics, annual assessment. 11.2 Program Management 11.2.1 Lead, manage, and ensure the successful execution of large-scale and small-scale information security programs for subsidiaries 11.2.2 Create and implement project plans, timelines, budgets, and resources, ensuring delivery within scope and deadlines 11.2.3 Coordinate with multiple teams (e.g., IT, M&A and Internal ISG Functions) to ensure programs are executed effectively. 11.2.4 Conduct risk-based prioritization and manage the roadmap for security initiatives. Skills and knowledge expectations: Possess cross-domain knowledge in various areas of Cyber Security such as, but not limited to: 12. Information security concepts and principles, including confidentiality, integrity and availability of information. 12. Knowledge of Enterprise security architecture (Security technologies, Operating systems, databases, network, applications) Show more Show less
