AGM - Cybersecurity

[6:56 PM] Vachaspati Saxena

Roles and Responsibilities

• Partner with the CISO and Cyber Security COEs to assess execution of security policies and validation of necessary controls in line with defined systems and processes at the Group/Business/Site levels
• Oversee development and implementation of predictive intelligent metrics, reporting and advanced analytics capability for enhanced insights into asset protection, risk mitigation and business process enhancement to aid strategic decision making
• Own security incident preparedness, mitigation, response and recovery plans
• Ensure cyber security incident response plans and activities follow applicable laws, regulations and compliance requirements
• Actively review and approve project plans to ensure compliance with security requirements with active inputs from key Cyber Security COE teams
• Ensure provision of inputs to other Cyber Security COEs to review and refine processes basis on-ground feedback and observations
• Partner with internal and external stakeholders to achieve broader cyber security situational awareness

• Identify major external attacks, third-party risks, potential exposure and other vulnerabilities within the Adani IT environment, test resilience
• Review security related issues through periodic meetings with CIOs to understand issues and provide resolution for the same
• Drive continuous deployment of proactive threat management measures across group and businesses to prevent incidents and support a culture of security across all IT and OT projects and assets
• Establish a process to monitor the enterprise for anomalies based on attack patterns. 

• Respond to cyber events, manage and lead effective resolution of security incidents and breaches basis group incident response and recovery plan guidelines
• Collaborate with key stakeholders according to response plans, drive education of team personnel on their roles and order of operations
• Mitigate and document newly identified vulnerabilities as accepted risks
• Institutionalize monthly reporting of cybersecurity quality and cyber-attacks & incidents as well as a culture of reporting events with established criteria 

• Lead forensic investigations on suspicious events to arrive at inputs to support incident prevention and management
• Investigate notifications from detection systems, perform forensics, understand impact of the incident, and categorize incidents consistently with response plans
• Incorporate lessons learned from past incidents into response planning to update response strategies

• Maintain tools and techniques to ensure monitoring systems and technology is functioning properly and maintained
• Establish a process to collect and analyse business and security operations data over a period of time to develop and identify patterns
• Provide monthly incident summary and service health review reporting for executive stakeholders
• Use problem management to drive continuous improvement in incident processes and identify/share best practices across the incident response community

• Attract, develop, retain talent and improving productivity, efficiency, and effectiveness of the team and / or business.
• Drive a performance driven culture – set goals, review performance, and provide feedback to ensure a motivated and committed team
• Foster an environment of learning, excellence, and innovation within the team and across teams

Educational qualifications:

• Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent)
• Advanced educational qualifications, such as an MBA in Cyber Security/ Information Systems  or a related field.
• Additional certifications in Cybersecurity Like CISSP/ CISM
• Advanced Excel skills (Pivots, dimensional modelling, linking to external data sources)
• Process improvement, project management, ISO, six sigma certifications are preferred

Experience:

• Minimum 20-25 years’ experience in driving large, complex  Cybersecurity Operations
• Process and program improvement experience including measurement of value and benefits achieved
• Strong ability to operate successfully in ambiguous situations
• Track record of excellence in incident/crisis management at a global, national or unit level
• Ability to develop, and maintain security related processes, procedures, program baselines, training, and improvement plans
• Experience operating and making decisions to remain compliant with legal, regulatory, and cultural norms
• Strong work and compliance ethic, and the ability to effectively prioritize and execute tasks in a dynamic and high-pressure environment.
• Ability to change plans, goals, actions, and priorities in response to an evolving business environment with awareness to operate as a champion for course corrections when necessary