AGM - Technology Security

Vodafone Idea Limited is an Aditya Birla Group and Vodafone Group partnership. It is India’s leading telecom service provider. The Company provides pan India Voice and Data services across 2G, 3G and 4G platform. With the large spectrum portfolio to support the growing demand for data and voice, the company is committed to deliver delightful customer experiences and contribute towards creating a truly ‘Digital India’ by enabling millions of citizens to connect and build a better tomorrow. The Company is developing infrastructure to introduce newer and smarter technologies, making both retail and enterprise customers future ready with innovative offerings, conveniently accessible through an ecosystem of digital channels as well as extensive on-ground presence. The Company is listed on National Stock Exchange (NSE) and Bombay Stock Exchange (BSE) in India.

We're proud to be an equal opportunity employer. At VIL, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected and empowered to reach their potential and contribute their best.

VIL's goal is to build and maintain a workforce that is diverse in experience and background but uniform in reflecting our Values of Passion, Boldness, Trust, Speed and Digital. Consequently, our recruiting efforts are directed towards attracting and retaining best and brightest talents. Our endeavour is to be First Choice for prospective employees.

VIL ensures equal employment opportunity without discrimination or harassment based on race, colour, religion, creed, age, sex, sex stereotype, gender, gender identity or expression, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy, veteran or military service status, genetic information, or any other characteristic protected by law.

VIL is an equal opportunity employer committed to diversifying its workforce.

Role

Lead – Risk & Governance

Job Level/ Designation

(M2) AGM

Function / Department

Technology Security (IT & Telecom)

Location

Mumbai

Job Purpose

• This position would be required to ensure effective management of cyber risks across IT, digital, network & other enterprise functions. Also, to ensure effective governance of the Technology Security function
• Responsible for maintaining and monitoring the organization's information security compliance by enforcing KPIs and SLAs across key security functions, including SOC, SecOps, Risk Assurance, Compliance & Data Privacy.
• This role also involves conducting risk assessments, implementing mitigation controls, managing vendor de-risking programs, and driving the Security Assurance program to maintain the organizational risk score and align with business objectives.

Key Result Areas/Accountabilities

Security Governance

1. Define and implement cybersecurity strategies, policies, and procedures to strengthen overall security governance and ensure alignment with organizational objectives.
2. Plan and conduct governance forums at both working and leadership levels, ensuring systematic closure of actionable items and effective management of stakeholders.
3. Oversee partner and OEM governance through regular reviews of KPIs, KCIs, and SLAs, driving improvements in the GRC domain to enhance security compliance.
4. Support the implementation of GRC process and project automation initiatives to optimize security operations and compliance efforts.
5. Track the performance of the security vertical to ensure optimal resource utilization and identify improvement areas.
6. Prepare and present functional updates, including security-related presentations, to senior management and leadership teams.
7. Ensure adherence to regulatory compliance and reporting requirements for bodies like NCIIPC, DOT, CERT-In etc.
8. Engage with internal and external auditors, regulatory bodies, and government forums, providing necessary reports and evidence to meet compliance standards.
9. Governance of unauthorized software’s & Risky firewall rules
10. Oversight of Third-party vendor risk management

1. Support Security Technologies Inception which included preparing SOWs, business cases, and technical evaluations for new or enhancement in technologies.

Risk Assurance & management

1. Govern the teams who Manages Security Services partners, ensuring effective security governance, timely audits, and remediation of vulnerabilities for critical IT assets and applications.
2. Conduct periodic master calendar reviews for applications, perimeter, and external-facing IPs, and provide governance for supporting vendors.
3. Provide business-centric KPIs, dashboards, and reports to track security performance, compliance, and risk posture, ensuring continuous improvement and alignment with organizational goals.
4. Manage and maintain cyber security risk posture (IT and IS process control related to risk) / compliance; periodic review and follow up of overdue, pending RAF
5. Track for closure of Vulnerabilities (IT, Telecom and Digital), Penetration Testing, and Technical Controls Review on a periodic manner for IT and its related assets.
6. Identification, classification & assessment of critical IT assets, Applications to identify risks associated with them and ensuring mitigation of the same for both internal assets & assets managed by third parties viz. vendors, partners etc.
7. Implementation & maintenance of a Third-party vendor risk management framework to periodically assess critical vendors & partners of VIL, perform risk assessment and mitigation of identified risks, Track and monitor remediation plans prepared by the third party to closure, Review closure evidence provided to determine appropriate closure
8. Ensure on-time, quality and effective Security Gating Process by way of strong governance on assessment teams
9. Verify and approve risk exceptions requests related to Firewall, Internet access, VPN access & conduct proper security Architecture checks and zoning implementation
10. Conduct periodic Master calendar activity for All applications, Perimeter and External facing IPs.
11. Review and audit vulnerable critical assets in timely manner
12. Periodic governance of Supporting vendors and support Internal/ External audits
13. Provide business centric KPI, Dashboard and Reports.

Core Competencies, Knowledge, Experience

• Minimum 7-8 years of experience in IT and cybersecurity, focusing on Risk & Governance Management.
• Expertise in application security (web, mobile, API, and source code testing).
• Strong knowledge of Risk Management, IS principles, and security architecture.
• Proven leadership skills with a track record of team collaboration and delivering under pressure.
• Excellent communication skills for engaging senior management.
• Strong problem-solving skills and crisis management capabilities.
• Proficient in application security technologies, processes, and KPIs.
• Familiar with Indian regulatory standards and cybersecurity frameworks.

Must have technical / professional qualifications

Bachelor's degree in computer science/information security or related field; Master's degree is a plus; certifications in security domain preferred viz CRISC, CISM, experience in banking or telecom is a plus.

Vodafone Idea Limited (formerly Idea Cellular Limited)
An Aditya Birla Group & Vodafone partnership