PMO

Role & responsibilities

Governance, Strategy & Leadership

Define and implement PMO frameworks, policies, and best practices.

Ensure alignment of IT & security projects with business objectives.

Conduct program reviews and provide executive updates (CEO/senior stakeholders).

Track KPIs, metrics, and outcomes for IT/security initiatives.

Oversee vendor & stakeholder management.

Compliance, Audit & Certification Management - Technology Compliance

Develop and maintain IT/security policies (ISO 27001, NIST, GDPR, SOC 2, PCI DSS, RBI, SEBI, etc.).

Manage internal/external audits (ITGC, SOX, regulatory compliance).

Track audit findings and ensure remediation.

Drive IT security certifications (ISO 27001, NIST CSF, PCI DSS, etc.).

Maintain compliance registers, evidence logs, and document repositories.

Project & Program Management

End-to-end project management for IT and security initiatives (planning, execution, monitoring).

Maintain project documentation (charters, risk logs, change requests, lessons learned).

Ensure adherence to timelines, budgets, and quality standards.

Report project status via dashboards (SPHI, risk heatmaps, compliance gaps).

Prepare monthly, quarterly and annual comprehensive reports

Business Continuity & Disaster Recovery (BC/DR)

Plan and execute BC/DR drills across all locations.

Update BC/DR plans based on test outcomes.

Ensure regulatory compliance for resilience (e.g., RBI, SEBI, UAE Central Bank).

Risk & Control Assessments

Conduct IT risk assessments and control gap analysis.

Implement risk mitigation strategies.

Monitor third-party vendor risks.

Training, Awareness & Simulations

Conduct security awareness programs (phishing simulations, workshops, e-learning).

Track training effectiveness (competency improvements, phishing click rates).

Organize internal technical trainings for IT/security teams.

Security Product Health Index (SPHI) & Reporting

Maintain SPHI reports to assess security tool effectiveness.

Track vulnerabilities, patch management, and system upgrades.

Generate executive dashboards & analytics for leadership.

Branding, Communication & Team Engagement

Publish security awareness mailers, newsletters, and compliance updates.

Drive internal branding (security as a business enabler).

Organize team-building activities and career growth plans for PMO/security teams.