Confidential Career Solutions

Director Information Security

13-15 Years
  • Posted 4 hours ago

Job Description

As BISO, you will be a key member of the Enterprise Security Office, leading a team responsible for overall security governance in global offices. This role will be the focal point for effective engagement between business areas and the Enterprise Security Office. This role will be a trusted adviser to senior business and technology stakeholders and provide broad knowledge of security strategies, policies, processes, architecture, and road maps to enable divisions/business to understand and meet security requirements.

The successful candidate will report to the VP & CISO in India and work closely with the business, supporting it to operate within the information security risk appetite across the enterprise. This role will be an essential business partner and will take responsibility for assessing and managing information security risk for the business.

Key expectations:

  • Design, manage and deliver an Information Risk Governance framework to ensure proper enforcement of enterprise security, collaborating with Global Cybersecurity Governance, Risk, and Compliance to develop a library of security controls that map industry and company standards to operational procedures and accurately measure control effectiveness.
  • Continuously improves end outcomes by defining, measuring, and optimizing end-to-end value streams utilizing Lean practices and leveraging data to make decisions.
  • Leads aligned team in adopting effective agile practices and partners closely with ESRO and other Enterprise teams to govern technical solutions that most effectively enable the business processes.
  • Initiates and fosters relationships with stakeholders across Technology Group and our business units that promote trust and increase responsiveness; balances individual stakeholder needs with business priorities assuring alignment with Global Cybersecurity strategies and objectives related to Information Risk Management.

Functional Attributes:

  • Build and maintain effective relationships with the division's Business and Technology stakeholders. Be the voice of ESRO in the division/business area and the voice of the business within ESRO.
  • Raise the profile of security within the organization by being proactively engaged with stakeholders and customers.
  • Align information security responsibilities and working practices of ESRO and security teams. Identify and resolve risks and issues.
  • Facilitate planning, introduction, and delivery of information security services and initiatives, e.g. security capability / maturity improvement.
  • Delivery of point services such as Compliance assessments (ISMS, HITRUST, Project risk assessments, Vendor assessments or any other compliances required for the local geography etc.)
  • Collate demand for security and collaborate across the security team to balance supply and demand of security resources.
  • Contribution to development and implementation of security architecture, and the design of security service and processes as appropriate.
  • Ensure that policy compliance is appropriate to the organization's level of risk acceptance.
  • Demonstrate to stakeholders that appropriate security controls are in place and own/create action plans to manage improvement or change where necessary.
  • Advise stakeholders on how to achieve the relevant controls and assist with solutions to support them.
  • Where necessary, ensure that processes are documented and communicated in language that is relevant and understandable to international and/or non-technical audiences.
  • Support and deliver security initiatives as needed and be able to demonstrate and track progress to stakeholders.
  • Manage divisional security incidents, working closely with group and divisional stakeholders.
  • Any other duties relating to the remit of a role of this standing as required by the needs of the business.

Experience Required

  • Strong understanding of Information Risk Management, compliance and security governance.
  • Experience in a role balanced between business stakeholders and Enterprise Security (ESRO).
  • Navigating a multifaceted, matrix organization; and
  • Collaborating with multiple stakeholders across functional and technical skillsets.
  • Analytical: Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.
  • Technical: Broad understanding of security technology.
  • Business: High level understanding of utility/energy sector business model, service offerings, and business operating environment as it pertains to the firm's threat landscape. Ability to frame threats and exposures in a business context recognized by non-technical staff and executives.
  • Domain landscape: Knowledge of technical security operating principles.
  • Communication: Ability to leverage business communication skills to inform, persuade, and teach stakeholders across a global network of member firms' staff and leadership to enable effective information security activities and processes in line with the cyber readiness program.

Must Have Skills

  • Bachelor's Degree.
  • 13 – 15 years of mixed experience in Information Security Risk & Governance.
  • Exposure to Cloud-based applications/security governance.
  • Working with senior business stakeholders.

Nice to Have Skills

  • Hands-on in designing policies, procedures and standards, Risk Assessment etc.
  • Strong analytical, problem solving and decision-making skills.
  • In-depth understanding of competitor, financials and industry dynamics.
  • Experience working successfully in a high matrix organization.
  • Ability to work collaboratively in a global team with a positive team spirit.

Job ID: 145720029