- Location: India
- Industry: Logistics & Supply Chain
Responsibilities:
• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
• Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management and annual performance reviews.
• Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
• Develop, maintain and publish up-to-date information security policies, standards and guidelines.
• Oversee the approval, training, and dissemination of security policies and practices.
• Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
• Develop and manage information security budgets and monitor them for variances.
• Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
• Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
• Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required.
• Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
• Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
• 10-12 yrs experience, reports to CISO
• Jointly develop Data Privacy strategy and perform budgeting activities.
• Manage and update data privacy policies and procedures.
• Assess and manage data privacy risks.
• Manage data access requests and grievances.
• Submit a privacy review report and highlight risks to management on a biannual basis.
• Conduct quarterly meetings with management and business teams to review the Data Privacy Program.
