Work Experience

Heading 5 functions

 

1. Risk, Governance & Compliance

• Implementing Information Security Frameworks: Develop, implement, and maintain a robust information security framework.

• Cybersecurity Risk Management: Identify, assess, and manage cybersecurity risks across the organization.

• Compliance with Regulations: Ensure compliance with regulatory requirements related to information security and cybersecurity.

• Policy and Procedure Development: Formulate and enforce information security policies and procedures.

• Risk Assessments: Conduct regular cybersecurity risk assessments and vulnerability analysis.

• Incident Response: Lead the development and implementation of incident response plans for cyber-attacks or data breaches.

• Data Protection: Ensure the protection of sensitive data from unauthorized access or breaches.

• Reporting: Regularly report cybersecurity status, risks, and incidents to senior management and the Board.

• Training and Awareness: Conduct cybersecurity awareness programs and training for employees.

• Continuous Monitoring: Oversee continuous monitoring of cybersecurity threats and implement preventive measures.

 

2. IT Information Security Operations (ITSO)

• Monitoring and Response: Continuously monitor IT systems for security threats, vulnerabilities, and breaches, and respond promptly to any security incidents.

• Incident Management: Implement and manage a well-defined incident response plan, ensuring timely detection, containment, eradication, and recovery from cybersecurity incidents.

• Security Infrastructure Management: Oversee and maintain the organization's security infrastructure, including firewalls, intrusion detection/prevention systems, and antivirus solutions.

• Threat Intelligence: Gather, analyse, and act upon threat intelligence to proactively identify and mitigate emerging security threats.

• Vulnerability Management: Regularly conduct vulnerability assessments and coordinate patch management to address security weaknesses.

• Compliance and Reporting: Ensure that IT security operations comply with relevant regulatory requirements and report security metrics, incidents, and compliance status to senior management.

• Access Control: Manage and enforce security controls related to user access, authentication, and authorization, ensuring that only authorized personnel can access critical systems and data.

• Security Audits: Conduct regular security audits and assessments to evaluate the effectiveness of the organization’s security measures and ensure compliance with policies and regulations.

• Employee Training: Promote security awareness and provide training for staff on identifying security threats, phishing attacks, and safe online practices.

• Collaboration: Work closely with other departments (e.g., IT, legal, compliance) to align security operations with business objectives and regulatory requirements.

 

3. Third Party Risk Management (TPRM) and Technology Risk Assessment (TRA)

• Third-Party Due Diligence: Conduct thorough risk assessments and due diligence before engaging with third-party vendors to evaluate their cybersecurity practices.

• Contractual Security Requirements: Define and enforce security obligations in contracts with third parties, ensuring compliance with data protection and cybersecurity standards.

• Continuous Monitoring: Regularly monitor the cybersecurity posture of third parties and the organization's technology infrastructure for emerging risks.

• Incident Response Alignment: Ensure third parties have incident response plans aligned with the organization’s protocols and ensure timely reporting of incidents.

• Vulnerability and Risk Identification: Identify, assess, and mitigate technology and third-party risks, including vulnerabilities in systems, applications, and external vendor relationships.

• Impact Analysis: Evaluate the potential impact of risks on business operations, data integrity, and overall cybersecurity resilience.

• Mitigation and Control Implementation: Develop and implement risk mitigation strategies, controls, and safeguards to address identified risks.

• Regular Audits and Reviews: Conduct periodic audits of third-party security practices and technology infrastructure to ensure compliance with established policies.

• Collaboration and Reporting: Collaborate with internal teams and third parties to address risks and provide regular updates on risk status to senior management.

• Training and Awareness: Promote ongoing cybersecurity training and awareness programs for staff and third parties to strengthen the organization’s overall security posture.

 

4. Business Continuity Management (BCM)

• Business Continuity Planning: Develop, implement, and maintain a comprehensive business continuity plan (BCP) to ensure critical operations can continue during disruptions.

• Risk Assessment and Impact Analysis: Conduct regular risk assessments and business impact analyses (BIA) to identify potential threats and their impact on business operations.

• Recovery Strategies: Design and implement recovery strategies for key business processes, IT systems, and resources to ensure timely recovery after disruptions.

• Crisis Management: Lead crisis management efforts during disruptions, coordinating response actions and communication across departments.

• Regular Testing and Drills: Organize and conduct regular testing, simulations, and tabletop exercises to ensure the BCP is effective, and staff are prepared for emergencies.

• Compliance: Ensure that the business continuity plan aligns with relevant legal, regulatory, and industry standards, and is regularly reviewed for compliance.

• Documentation and Reporting: Maintain detailed records of business continuity plans, risk assessments, recovery strategies, and testing activities, and report progress to senior management.

• Collaboration with Stakeholders: Work with internal departments, external partners, and third-party vendors to ensure their roles and responsibilities are integrated into the business continuity plan.

• Continuous Improvement: Continuously review and improve the business continuity strategy, incorporating lessons learned from disruptions, tests, and evolving business needs.

• Training and Awareness: Conduct training and awareness programs for staff to ensure familiarity with business continuity procedures and their roles in the event of a disruption.

 

5. Data Privacy & Protection

• Compliance Oversight: Ensure adherence to the provisions of the DPDP Act and regulations on data protection.

• Advisory Role: Advise the organization on data protection obligations, policies, and best practices.

• Monitoring Compliance: Ensure proper implementation and monitoring of data protection practices.

• Data Subject Rights: Oversee the handling of data subject rights, including access, rectification, and deletion requests.

• Impact Assessments: Ensure the performance of Data Protection Impact Assessments (DPIAs) for high-risk data processing.

• Training and Awareness: Conduct training and awareness programs on data protection principles for staff.

• Liaison with Authorities: Serve as the main point of contact for regulatory authorities, handling notifications and reporting.

• Data Breach Management: Oversee the detection, reporting, and management of data breaches.

• Documentation: Maintain records of data processing activities and ensure proper documentation of compliance efforts.

• Data Minimization: Ensure data collection and processing follow principles of necessity and data minimization.