Assistant Vice President - ISO and PCI Compliance Framework
Gurugram, India
SBI Card
ROLE ACCOUNTABILITY:
Security Program Management:
- Support SBI Card's Information Security compliance, risk and audit program
- Able to assess, develop and implement information security programs including organizational design and key policies/process/standards/procedures.
- Informs stakeholders about compliance and security-related issues and activities affecting the assigned area or project
- Work with business and technical team members, third party vendors and auditors to ensure adherence to all applicable compliance standards (ISO 27001, PCI DSS, GDPR, etc).
- Reviews, develops and manages documentation/SOPs to ensure adherence with ISO 27001, PCI-DSS, GDPR compliance.
- Coordinates annual ISO 27001, PCI QSA audits & compliance certification with external audit and accreditation agencies.
- Provide periodic and ad hoc security awareness training for employees/contractors to increase visibility of security in their daily job functions.
- Evaluates the effectiveness of existing awareness and training programs and makes recommendations for improvement.
- Review and manage existing Information Security Exception Management process
- Manage security programs like security awareness and training, security exception management, vendor security risk assessments, regulatory requirements (issued by RBI), PCI DSS etc.
- Communicates with multiple departments and levels of management in order to resolve technical and operational risks.
- Track information security actionables from various audits / assessments / committees
Project Management:
- Requires experience leading both people and technology, which includes managing security-related projects, process improvements and delivery of various information security programs.
- Develop business cases for security investments and set priorities based on risk assessment.
- Develop and maintain project plans and budgets while ensuring project milestones are completed.
- Provide consistent two-way communication between project teams and management. Ensure alignment with senior leadership through regular milestone updates.
- Provide leadership independently for the project management process using key deliverable road map and success criteria.
- Interface with various business functions and project managers.
- Facilitate meetings including daily stand-ups, issue resolution, and project status meetings.
- Leads initiatives designed to share knowledge across different platforms/stakeholders.
Financial Management:
- Develop and maintain financial budgets (MoUs)
- Manage relationships and contractual obligations with project related external suppliers.
- Manage various RFP processes within the parameters of cost, quality, schedule and business objectives.
- Manage sourcing processes including invoicing, purchase requests and orders etc.
Measures of Success (Define the Outcomes expected of the role):
- Number of security projects successfully adopted and implemented
- Increase in maturity of Security Programs (Adoption & Capabilities).
- Adherence to Financial budgets and allocations.
- Delivery of project plans, milestone updates, presentations and communications to senior management and other relevant stakeholders.
Technical Skills / Experience / Certification (If any)
Industry-standard certifications such as PMP/Prince, CISA/CISSP etc.
Competencies critical for role with High Proficiency
- Strong experience in Project management, problem solving and operationalization of resources.
- Strong knowledge and understanding of enterprise IT systems, cloud infrastructure and security principles and technologies
- Ability to adapt to changes in the original project plans; effectively communicates changes or delays to team members and key stakeholders
- Strong leadership skills with ability to impact individual project direction through influence and collaboration.
- Highly proactive and results oriented with proven track record of success in all phases of project development.
- Ability to establish and communicate workload prioritization within and between project teams.
- Ability to handle multiple projects and tasks simultaneously.
- Demonstrated experience in strategic activities and leading cross-functional projects
- Ability to lead, collaborate, challenge and influence peers. Passion for project based execution and process improvement.
- Excellent documentation, communication, presentation, interpersonal and leadership skills
Key External Stakeholder(s): Auditors, Consultants
Key External Stakeholder(s): All business functions
Must have Qualification:
- A Bachelor’s Degree in a related area such as Computer Science or Information Technology. Other engineering degrees may be considered, subject to extraordinary experience in IT and Cybersecurity.
Or, any postgraduate with relevant IT and Cybersecurity experience (post-graduation is not mandatory).
- Industry-standard certifications such as PMP/Prince, CISA/CISSP are preferred.
Overall experience in role: 8 years overall
Relevant Experience with respect to the role: 6 relevant experience
Preferred Industry (If any): BFSI, NBFC, Telecom