Orange Business Services

about the role

The Chief Security Officer is responsible for the organization's Security Program including but not limited to daily operations of the IT security program, oversight of the annual and ongoing risk assessment process, development, implementation, and maintenance of policies and procedures, ensuring the confidentiality, integrity and access of assets as well as investigation and tracking of incidents and breaches and in compliance laws/regulations and policies.

key accountabilitieskey accountabilities

• Serve as an expert advisor to OBSISPL leadership in the development, implementation, and maintenance of an information security management system.
• Provide guidance and advocacy regarding prioritization of infrastructure investments that impact security.
• Developing, publishing, and maintaining comprehensive information security strategy, plans, policy, procedures, and guidelines
• Fostering a culture of physical and digital security awareness by conducting training sessions and communicating with personnel.
• Acting as ombudsman for disputes, requests for exceptions, and complaints regarding India MSC information systems security policy, practices, and related issues
• Acting as Information Security Manager (ISM) for driving ISO 27001 initiatives
• Acting as the primary control point during significant information security incidents
• Advising on risk issues that are related to information security and recommending actions in support of wider risk management programs
• Monitor information security trends internal and external to the organization and keep OBSISPL leadership informed about information security-related issues and activities affecting the organization
• Understand potential threats, vulnerabilities, and control techniques and communicate this information to departmental system administrators
• Assist units as necessary to investigate security breaches and pursue associated disciplinary and legal matters
• Act as a primary contact point for India MSC with Orange Business Services Global Security Organization.
• Seeks guidance and support from Head – India MSC, Security Executive Steering Committee, Global Security Organization/Chief Security Officer and lead OBSISPL Information Security Organization

key result / decision areas (outcomes)

• Builds a strategic and comprehensive information security program that defines, develops, maintains and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled and processed within the organization.
• Ensures information security policies, standards, and procedures are up-to-date.
• Review any remedial work / punitive action related to security breaches / non-compliance incidents. For this purpose, the legal and human resource department’s consent would have to be obtained on any punitive action to be taken against an employee on account of non-compliance.
• Periodically assess the awareness of information security at OBSISPL.
• Periodically review information security policy and procedure to ensure confidentiality, integrity and availability
• Review risk assessment reports compiled by CSG team and Security Audit Committee.
• Providing basic information security training to existing staff in the locations from time to time. This responsibility also covers that any new staff members be given a security briefing during induction.
• Responsible for monitoring vendor websites and other approved websites for latest vulnerability listings. This includes the preparation of prioritisation plan for implementation of fixes for vulnerabilities that are discovered from time to time.
• Keep Sr. management updated on effective and efficient approaches for information security.
• Provide reports to Global Security Organization
• Provide a report of security policy violations and security incidents as and when they occur.
• Oversee all information security processes, and, serve as the focal point for all information security issues and concerns.
• To bring any possible security threats to the notice of the ‘Orange Business Services - Chief Security Officer’ and ‘OBSISPL - Security Executive Steering Committee’

about you

• Degree Holders with good Telecom / Data / IP Network / Security knowledge.
• Excellent verbal & written communication skills in English language
• Exceptional managerial skills and the ability to lead a team
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
• Ability to research and stay up to date with security trends, as well as changing government and state laws / standards
• Proven proficiency in developing physical and information security protocols and procedures
• Minimum of 10 to 12 years of experience in a combination of risk management, information security and IT jobs with at least 6 years' experience working in information Security domain
• Security certifications such as CISM / CISSP / ISO LA / CEH etc preferred
• Good knowledge of common information security management frameworkssuch as ISO27001 and SOC
• Proven ability in translating business questions / problems into hypotheses to test and solve through the use of advanced analytical techniques.
• Proven track record of open and non-open source intelligence gathering, including strong use of commercial databases and Internet research.
• Excellent communication, negotiation and presentation skills. Ability to effectively communicate, both orally and in writing, through all levels of the organization.
• Self-motivated with the ability and maturity to make decisions in the absence of detailed instructions.

additional information

Minimum of 10 to 12 years of experience in a combination of risk management, information security and IT jobs with at least 6 years' experience working in information Security domain

contract

Regular