Key Responsibilities:
• Develop, implement, and maintain the organization’s information security strategy, policies, and procedures.
• Lead the review and formal approval process for policy updates; ensure Information Security Policy and Standard documents meet or exceed industry standards and compliance requirements.
• Lead and manage security audits, risk assessments, and incident response efforts.
• Monitor network and system security, identifying vulnerabilities and implementing mitigation strategies.
• Lead compliance with industry standards and regulations (e.g., ISO 27001, NIST, DPDPA, PCI DSS).
• Manage internal and external audits and coordinate responses to security assessments.
• Lead the IRDA & ISNP cyber security audits.
• Lead the third-party risk management program for external vendors on an end-to-end basis per the annual calendar, review the evidence, and lead the discussion of observations with relevant stakeholders.
• Work closely with IT, legal, compliance, and business units to align security practices with business objectives.
• Familiarity with security tools such as firewalls, antivirus software, EDR, IDS/IPS, SIEM, etc.
• Conduct regular security training and awareness programs for employees.
• Manage the Information Security Awareness Program and conduct phishing simulations and tabletop exercises in the organization.
• Report on the security posture and provide recommendations to senior management and stakeholders.
• Maintain the security risk register and drive remediation activities with business and IT stakeholders.
• Conduct periodic risk assessments based on ISO 27001:2022.
• Conduct risk assessments of security solutions (including perimeter devices) managed by the IT function at any point in time.
• Implement regulatory frameworks and cyber security guidelines with the relevant functions.
• Assist in the preparation of deliverables for the quarterly InfoSec & Risk Committee Meetings.
• Interface with CERT-In for vulnerabilities and advisories and communicate the same with internal stakeholders.
• Manage security projects and provide expert guidance on security matters for all important initiatives.
Qualifications:
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 6+ years of experience in information security, governance, or cybersecurity roles.
• Professional certifications such as CISSP, CISM, CISA, or equivalent are highly desirable.
• Strong knowledge of security technologies, risk management frameworks, and regulatory compliance requirements.
• Experience with cloud security (e.g., AWS, Azure), endpoint protection, network security, and application security will be an advantage.
• Excellent analytical, problem-solving, and communication skills.
• Ability to manage multiple projects and priorities in a dynamic environment.