WHO WE ARE
Avendus is a leading provider of financial services and lays emphasis on creating customized solutions in the areas of Investment Banking, Wealth Management, Institutional Broking, Asset Management and Credit Solutions. We walk alongside high performing entrepreneurs, wealth creators and pioneers of the new age economy in their quest to outperform. Avendus relies on its in-depth domain expertise and understanding of diverse regulatory frameworks to identify value creating opportunities. We craft bespoke solutions for clients and partners with the pooled intellectual capital of our team.
Established in 1999 in Mumbai, India, Avendus' presence in eleven cities across four countries brings global perspectives and thought leadership to the table and equips the teams with the expertise to handle large and complex transactions.
More information on https://www.avendus.com/india
ROLE
An Information Security leadership role that draws on experience in ISMS implementation & audit management to strategize, improve and streamline information security governance within the organization. The role is responsible for developing, implementing, and monitoring a strategic, comprehensive enterprise information security management program and protecting the organization from cyber security and data breaches.
KEY AREAS OF RESPONSIBILITY
- Provide leadership to the enterprise's information security organization
- Draft / Coordinate / Monitor information & data security processes/policies to ensure compliance as required by the IT Act / statutory regulatory bodies (e.g. RBI, SEBI, GDPR, UIDAI etc.) / info security (ISM) guidelines and circulars with respect to Technology, in coordination with internal & external stakeholders
- Periodic review of IT processes/policies and issue of an advisory note to overcome gaps/loops by highlighting the risks associated with them
- Introducing new process/policies by doing market study/survey relevant to our business and info/infra security by highlighting risk and necessity
- Evaluate regulatory circular applicability and conduct impact analysis along with relevant compliance team; ensure implementation of the same as applicable
- Participate, coordinate and assist in internal & external technology & cyber audits and risk assessments / VAPT with necessary amendment to existing process/policy in order to close open gaps or introduce new process/policy to close the risk
- Working with technology team and business units to constantly monitor the adoption of all tech & cyber security guidelines and flag / take actions as and when needed
- Analyzing IT security threats in real-time and mitigating these threats
- Ensuring that any newly acquired / developed technology complies with the technology security regulations and standards
- Ensuring that no internal breaches or misuse of data take place. Determining the cause of internal and external data breaches and instituting appropriate corrective action.
- Formalize and conduct vendor risk assessment audits and ensure gaps are addressed
- Define Cyber Security strategy & implement policy & technical controls to enhance Cyber Security
- Ensure necessary cyber security safeguards are designed and implemented
- Creating and implementing a strategy for the deployment of information security technologies and solutions to minimize the risk of cyber-attacks
- Ensuring that newly acquired technology complies with the IT security regulations.
- Interact with business & functions through committees to ensure the consistent application of policies and standards across all technology projects and services
- Raise awareness of risk management concerns and preparedness across organization
- Presenting regular feedback reports on IT network security to the board of directors
- In case of external fraudulent / tech-related attacks or breaches, be a part of the core team to drive mitigation outcomes and take the lead on domain-related aspects as required
EXPERIENCE/SKILLS REQUIRED
- A bachelor's degree in computer science, information technology, or a related field. An MBA is preferable.
- 12+ years of experience in risk management, information security & governance
- Excellent understanding of current regulatory guidelines for technology from RBI/ SEBI
- Excellent project management and leadership skills
- Knowledge of information security management frameworks, such as ISO/IEC 27001
- Policy development and administration skills
- Knowledge of regulation and standards compliance
- Good knowledge of Cyber Security & Risk Assurance Process
- Strong diagnostic & decision-making skills and ability to lead meetings
- Ability to manage ambiguity and find suitable solutions to complex problems
- Effective people skills to manage & collaborate with cross functional teams
WHY IS THIS EXCITING
Avendus Capital is rapidly scaling all its businesses and collaborating with multiple regulators in India and abroad in this journey. Simultaneously, we started the journey of technology-led transformation last year under our new CTO and are rapidly expanding the technology landscape with more and improved applications for all businesses. This tremendous growth in technology sophistication and regulatory challenges requires us to simultaneously strengthen our defenses on all information security paradigms, and hence we are looking for a Head of Information Security (CISO) to lead and build the Infosec team and processes. The CISO will work closely with the Senior Leadership Team to define the strategic goals for enterprise security, application security, and infra & network security, build the roadmap to achieve these goals, and work with the team and stakeholders to execute.