Data Privacy Officer
The vacancy has expired
Salary: Up to 20 LPA
Location: Gurgaon, India, Asia
Industry: Pharma, Biotech, Healthcare & Medical Devices
Job Description
Designation: Manager - Data Officer
Department & Function: IT
Reports to: CISO
What decisions can this position take: Overall IT Security, Risk Cyber security
Customers affected - Internal / External: Both internal and external
Key Responsibility:
- Web Application Security Assessment (OWASP - Open Web Application Security) for client projects in post-delivery, test phase. Identify vulnerabilities and discuss with the project manager the feasibility of implementation of the same.
- Collaborate with the Internal Risk Based Supervision (IRBS), Operational Risk based Management (ORM), Vigilance teams in the overall administration of these directives
- Provide regular reporting on the current status of the information security program to senior management and the board of directors.
- Promote an organization privacy philosophy, and implement policies that protect the organization from privacy-related liability.
- Plan and Prepare budget projection details and utilization status for Awareness, Privacy, PCI DSS to the CISO on an annual basis.
- Performing Privacy Impact Assessment for the enabling functions and selected delivery accounts.
- Performing Vendor Due Diligence from privacy perspective for vendors handling personal data.
- Preparing for SOC 2 audit by maintaining the details which include TOD and TOE mapping.
- Provide inputs for preparing the Senior Management Review presentations that are done by CIO with Board members and other Senior personnel.
- Mapping of the applicable trust principles with internal controls framework and preparing for SOC 2 audit by maintaining the details which include TOD and TOE mapping.
- Identify risks and build actionable plans to protect from Cybersecurity incidents.
- Alert CISO who in turn can advise Board of Directors, Senior Management of emerging compliance issues.
- Building an Integrated Compliance Management (ICM) framework which complies with ISO - 27001, SSAE 16/ SOC2, BCMS mandates of CMMi ML5, DPA UK, GDPR, PDPA and ISO 9001.
It has come to our attention that clients and candidates are being contacted by individuals fraudulently posing as Antal representatives. If you receive a suspicious message (by email or WhatsApp), please do not click on any links or attachments. We never ask for credit card or bank details to purchase materials, and we do not charge fees to jobseekers.
