
Job Title


Sr Lead - IT Risk & GRC


Company : Star Union Dai-ichi Life Insurance Company Limited


Location : Dindigul, Tamil Nadu


Created : 2026-04-16


Job Type : Full Time


Job Description

Primary Responsibilities

- Own and govern 24x7 Security Operations Center (SOC) services delivered by external vendors.
- Define SOC operating model, SLAs, KPIs, escalation procedures, and reporting mechanisms.
- Oversee monitoring, detection, triage, and response activities across endpoints, networks, servers, cloud, and applications.
- Act as the primary point of contact for SOC vendors and security service providers.
- Define and maintain security architecture standards aligned with NIST, ISO 27001, IRDAI, and BFSI best practices.
- Establish baseline security controls across infrastructure (on-prem, cloud, network, endpoints).

Incident Response & Cyber Recovery

- Lead and coordinate security incident response activities for high and critical incidents.
- Act as a senior technical advisor during cyber incidents, including ransomware, phishing, malware, and data leakage events.
- Ensure incident containment, eradication, recovery, root-cause analysis, and post-incident reviews.

Vulnerability & Risk Management

- Oversee vulnerability management processes driven by vendors and internal teams.
- Ensure infrastructure risk assessments are performed and remediated in a timely manner.
- Track, prioritize, and report cyber risks to senior management and risk forums.
- Produce meaningful metrics on vulnerabilities, threats, and remediation effectiveness.

Metrics, Reporting & Governance

- Define security operations KPIs and KRIs for SOC, incidents, vulnerabilities, and recovery readiness.
- Provide executive dashboards and quarterly reports on security posture to CIO, CISO, and senior leadership.
- Support audits, regulatory assessments, and compliance reporting (IRDAI, ISO).

Secondary Responsibilities

Identity & Access Management (IAM)

- Define and enforce MFA, RBAC, segregation of duties, and just-in-time / just-enough-access models.
- Coordinate with IAM and PAM vendors (e.g., One Identity) for implementation and operations.

Security Awareness & Culture

- Promote a strong security-aware culture within IT and across the organization.
- Support security awareness and phishing simulation programs driven by internal teams or vendors.

Personal Data Discovery & Classification (DPDP-Tool Implementation)

- Ensure tools and processes are implemented to discover, classify, and label personal and sensitive personal data across:
  - Core insurance applications
  - Document management systems
  - Email, endpoints, databases, and cloud storage (Azure)
- Work with IT and vendors to implement data tagging and classification policies (PII, financial data, medical data).