Chief Information Security Officer Full Time

Role Overview

The Head CISO and IT Audit is responsible for leading and executing the organization’s IT audit strategy, providing assurance on the effectiveness of IT governance,and information security risk management, and controls across all technology environments.

This role provides independent assurance to senior management and the Audit Committee on the adequacy of IT controls, cybersecurity, data protection, and compliance with regulatory requirements.

The role requires strong technical expertise and the ability to align IT audit objectives with overall business strategy.

Internal audit/Assurance reviews completed as per Audit Plan-as approved by audit Committee of Board.

Main objective being –

• Undertake CISO role any ensure regular monitoring of email communication,USB,any other policy exceptionetc.
• Internal audit system/IT audit co-ordination and driving quality of audit with business and internal audit firms.
• Objectively review business IT risk leading to business risks and help in mitigation etc.
• Review and drive control related automation IT infrastructure, application, SAP configuration controls audits. Help management in improvement of efficiency of operation.
• Protect against loss/fraud by establishing process of red flag, exception reporting/data analytics etc. Pro-active internal audit intervention for control improvements/automated controls.

Key Challenges

• Developing and maintaining information security monitoring and audit processes and controls that meet requirements of control framework without compromising business growth and operational efficiency
• Incumbent takes decisions on operational aspect of the audit programme to be exercised.
• Role for developing effective operating systems
• Role to support and exploit synergies and maximise value from audit deliveries
• Lead automation and IT audits in order to have pro-active audit intervention etc.

Interactions: Internal Interactions-Functional HOD’s on an assignment basis and support team etc. interaction at all level, External, vendor etc. where required.

Key Responsibilities

• Develop and execute a comprehensive IT audit strategy aligned with organizational objectives and regulatory expectations.
• Establish risk-based IT audit plans covering applications, infrastructure, cybersecurity, digital initiatives, and emerging technologies.
• Lead end-to-end IT audits, including planning, fieldwork, reporting, and follow-up.
• Assess IT general controls, application controls, database security, access management, and change management processes.
• Present IT audit findings and recommendations to executive management and the Audit Committee.
• Partner with IT and Business leaders to ensure timely remediation of identified issues.
• Maintain strong relationships with external auditors and regulators.
• Monitor regulatory developments and assess impact on IT controls.
• Provide assurance over IT projects, digital transformation initiatives, and vendor risk management.
• Foster a culture of continuous learning, innovation, and professional excellence.

Key Skills & Competencies

• Strong knowledge of IT and Information Security frameworks (COBIT, ISO 27001, NIST, ITIL).
• Expertise in cybersecurity, cloud computing, SAP systems. advanced knowledge IT including SAP-MM, FI, and SD module and audit tools.
• Expert knowledge of MS, Excel.
• Strong analytical and problem-solving skills with ability to interpret complex IT risks.

Qualifications, Experience

• Bachelor’s degree in Information Technology, Computer Science, or related field.
• Professional certifications: CISM, CISSP, CISA (preferred). Additional commercial qualification such as C.A, CFA etc. will be added advantage

1. 10 – 12+ years of experience in IT Audit, Technology Risk,Information Security.

Behavioural Skills

• Analytical/ Probing Skills, Conceptual thinking, Aptitude to pick up new practices and concepts quickly.High levels of Initiative, Integrity and Self Confidence and presentation skill.