Responsibilities
• Work closely with the Head of Information Security Group and CISO to champion organization wide Cyber Security Governance initiatives in line with the Cyber Security Strategy to ensure the CISO’s agenda is achieved as a whole • Responsible for effective Cyber Security Governance & Roadmap across Infosys group of companies (“Infosys” or “Organization” or “Company”) & it’s Subsidiaries • Liaison with all internal (ISG) and external (non-ISG) leads to meet Cyber Security Governance objectives including Subsidiary point of contacts • Institutionalize a robust Cyber Security Governance Framework which includes a best-in-class Cyber Security Strategy and its associated roadmap towards achieving its objectives • Manage the Cyber Security Strategy to leverage new technology and threat vectors • Drive a Program Management Office (PgMO) to ensure all critical Cyber Security Programs and Projects are tracked closely and progress reported on a periodic basis
Technical Requirements
• Institutionalize and maintain a comprehensive Cyber Security Metrics Program in line with industry best practices such as, ISO 27004 or Information Security Forum (ISF) with on-demand as well as periodic reporting to, o CISO & Head of Information Security Group o Security councils such as Information Security Council (ISC), Subsidiary Security Councils and, o Board members • Advise the Lead managers and relevant stakeholders on pertinent Cyber Security Risks identified from the Information Security Metrics program • Manage the various Cyber Security Council’s Governance Frameworks and Terms of References (ToR) • Manage the Cyber Security RACI in consultation with relevant stakeholders for effective Cyber Security Governance in the organization • Disbursal of minutes of meetings (MoM) of various meetings with CISO involvement and track action items closely and progress is reported on periodic basis
Preferred Skills
Foundational->Information Security->Governance Risk and Compliance
Audits
Workflow
Additional Responsibilities
• If required, be able to interface with the Client counterparts and their Leadership to provide the right assurance with regards to Infosys’ Information Security Practices safeguarding their data • Ensure multi-faceted, business-focused Security strategies are implemented which would bridge the gap between technical and business functions while ensuring Security at the same time • As the owner of the IT GRC system, liaison with various module owners to drive appropriate decisions which will bring in important improvements on how the system is used individually at a module level and as a GRC system as a whole in a most optimal manner • Keep self completely up-to-date with the activities of other ISG Functions / Groups so as to be able to glean on the issues and whether it is in line with the Cyber Security Strategy and thus the CISO’s agenda
Educational Requirements
Bachelor of Engineering
