Project Director

Role Name: Project Director

Looking for Security Operations Director (Project Director), for managing and administration of Customer SOC Project, in Financial Domain.

Location

Job Summary:

·        This is an opportunity for a highly motivated individual to join a high energy team of Information security professionals responsible for managing global security infrastructure of reputed Financial Institution.

·        This position is to be part of a global team, reporting to the Program Head.

Responsibilities:

An information security director is responsible for leading and overseeing the information security function within an organization. They are entrusted with protecting the confidentiality, integrity, and availability of the Customer information assets.

The information security director develops and implements comprehensive strategies, policies, and procedures to identify and mitigate risks, ensure compliance with industry regulations, and respond effectively to security incidents. They work closely with stakeholders across the organization to promote a culture of security and to align information security practices with Client business objectives.

Security operations director is responsible for managing the day-to-day activities of the security operations center (SOC) or incident response team. He/She oversee the monitoring of security events, investigations of security incidents, and coordination of incident response efforts.

He/She work closely with other Bank teams to ensure timely detection, response, and resolution of security issues.

In addition to strategic planning and risk management, the information security director plays a vital role in establishing governance frameworks and ensuring regulatory compliance.

Some Common duties and responsibilities include:

·    Strategic Planning: Develop and implement the organization's information security strategy, aligning it with business objectives and risk tolerance. Identify and prioritize security initiatives, establish security goals, and create a roadmap for their implementation.

·    Risk Management: Conduct regular risk assessments to identify and evaluate potential security threats and vulnerabilities. Develop and implement risk mitigation strategies, including security controls, policies, and procedures. Monitor and manage security risks through ongoing assessments and the implementation of appropriate safeguards.

·    Policy and Procedure Development: Establish and enforce information security policies, standards, guidelines, and procedures. Ensure that they align with industry best practices and regulatory requirements. Communicate and educate employees on security policies, promoting a culture of security awareness and compliance.

·    Compliance and Regulatory Requirements: Stay abreast of relevant laws, regulations, and industry standards pertaining to information security. Ensure that the organization's security practices and controls are in compliance with applicable requirements. Liaise with regulatory bodies, auditors, and stakeholders to address compliance issues and maintain regulatory alignment.

·    Incident Response and Management: Develop and maintain an incident response plan to address and manage security incidents effectively. Establish protocols for detecting, responding to, and recovering from security breaches or other security-related incidents. Coordinate with relevant teams to investigate incidents, implement remediation measures, and report on the outcomes.

·    Security Awareness and Training: Develop and deliver security awareness and training programs for employees at all levels of the organization. Ensure that employees understand their role in maintaining information security and are equipped with the knowledge to identify and respond to security risks.

·    Vendor Management: Assess and manage the security risks associated with third-party vendors and suppliers. Establish security requirements and standards for vendor contracts, conduct security assessments of vendors, and monitor ongoing compliance.

·    Security Governance: Establish and maintain security governance frameworks and structures to ensure effective oversight and accountability. Participate in security committees and provide regular updates to executive leadership and the board of directors on the organization's security posture, risks, and compliance status.

·    Security Incident Reporting and Communication: Develop and implement processes for reporting and communicating security incidents to appropriate stakeholders, including executives, legal counsel, and regulatory bodies. Ensure that incident reports are timely, accurate, and comprehensive.

·    Continuous Improvement: Stay abreast of emerging threats, vulnerabilities, and technologies in the information security field. Continuously evaluate and enhance the organization's security posture, controls, and processes through regular reviews, audits, and testing.

Technical Skills:

·        10-15 years of experience in handling Information Security Projects, preferably in the Financial Services sector.

·        Strong knowledge in network & Information security Fundamentals

·        Experience in handling large team of Information Security Professionals (>25 nos.)

·        Familiarity with incident response techniques, intrusion prevention systems, information security methodologies, authentication protocols and different IT Security threat mechanisms.

·        Good extensive Knowledge of IT Security Standards (ISMS / ISO 27001, PCI-DSS, SOX, CMMi etc.)

·        Mandatory Security Certification (either of CISA, CISM, CISSP, CIPP/R etc.)