- Location: Gurgaon
- Industry: Pharma, Biotech, Healthcare & Medical Devices
Designation: Technical Program Manager
Department & Function: Information Security
Location: Corporate Office - Gurgaon
Reports to: Chief Information Security Officer
Job Purpose: This role is responsible for executing information security projects and for the oversight and governance of security operations. It ensures that the security roadmap is executed and that security operations function as per the desired SLA.
Key Responsibility:
Drive successful closure of key security projects that include (but are not limited to) new age technologies such as CASB, Zero Trust, Endpoint Detection & Response, Cyber Threat Intelligence etc. Run periodic proofs of concept and evaluations of new security technologies to put relevant security controls in the business process.
Overall governance of the security operations centre, which includes (but is not limited to) technologies such as DLP, Data Classification, SIEM/SOAR, VAPT etc. Ensure information security partners deliver the promised SLA. Assess data leak control through periodic review of DLP/DC effectiveness (policy/procedure/DLP incident review). Collaborate with HR and the Fraud risk team on the improvement of consequence mgmt.
Periodic assessment and review of IT and Information security processes (e.g. Change, Incident, Patching, Backup/restore, Hardening, Vulnerability mgmt, TPRM etc.) and ensure timely closure of process control gaps. Effective vulnerability mgmt by ensuring timely scheduling of VAPT (Vulnerability Assessment & Penetration Testing) across the infra and application landscape and timely closure of the vulnerabilities. Periodic collaboration with special interest groups on data leak identification and breach control. Periodic cloud security assessment to ensure secure information exchange and data security at rest, in transit and in use.
Help define the framework for Third Party Risk Mgmt and execute it: periodic third party risk mgmt through audits and risk assessments of the critical vendors, and collaboration with business on educating about and mitigating the identified vendor risks.
Annual IT risk assessment for the business critical processes and technologies; maintain the consolidated risk register and drive timely closure of the identified risks. Draft mgmt presentations outlining existing information security issues as well as a potential roadmap to address them. Present the infosec score card to the Senior Management.
Plan and prepare the budget projection for information security initiatives. Work with the relevant teams to drive the value of information security investments and optimization of technologies. Report utilization status and present future requirements. Impart information security education across the diverse user base and prepare relevant infosec content so as to generate appropriate awareness levels towards data protection.
Drive any applicable infosec audit (e.g. ISO27001, NDHM, Internal audit/assessment etc.) to its successful closure and track the timely closure of audit findings. Periodic infosec reviews of data processing facilities and key office locations for compliance with information security requirements.
Key Interactions: Internal & External