Business Information Security Officer (BISO)

Date: 22 Nov 2024
Location: GMR - Logistics - Hyderabad (LG01FA01), IN

Company: GMR Airport Developers Ltd

JOB PURPOSE

To manage & support Mumbai IT Operations conforming to Corporate IT Policies & Procedures, Vendor Management, corporate IT security, Compliance & governance defined to satisfy the business needs.

The purpose of the position is to manage and enhance Cyber Security posture of respective GMR Businesses, working closely with Group CISO. In the current environment of digital interconnectivity, GMR has accepted technological advances related to cloud computing and mobility solutions. Additionally, Legal and Regulatory compliance requirements for IT are influencing the landscape of IT. Securing information assets is therefore crucial for protecting the company’s reputation and meeting its business objectives. The position is intended to give additional focus to the operational and compliance tasks of IT Security of the airports.

KEY ACCOUNTABILITIES

Accountabilities

Work under guidance of Group CISO and Business CIO, and be responsible for Information security operations, Risk management and Security Solutions for the business.
Establish and maintain governance frameworks, policies, and procedures to ensure effective management of information security risks, including those specific to Operational Technology (OT).
Build and maintain effective relationships with Business and Technology stakeholders to effectively drive information security program vision.
Maintain and communicate the Information security controls health and program status to the management.
Own and communicate the roadmap for Information security, aligned with Group information security strategy and program.
Conduct regular risk assessments and vulnerability evaluations specific to airport and energy plant IT / OT environments.
Implement risk mitigation measures and monitor the effectiveness of controls to reduce security risks related to IT / OT systems.
Lead incident response planning and execution for cybersecurity incidents affecting both IT and OT environments in airport and energy plant operations.
Coordinate with internal teams and external stakeholders to investigate and respond to security breaches and incidents promptly, ensuring minimal disruption to operations.

Key Performance Indicators

1.    Information security program maturity
2.    Effective compliance to Information security policies, processes and procedures
3.    Ability to timely identify, communicate and mitigate business information security risks
4.    Effective organizational information security culture
5.    Performance of information security metrics within SLAs and project execution per plan
6.    Continuous learning and certification attainment.
7.    Stakeholder feedback on security initiatives and support.
8.    Effectiveness of security controls and technologies.
9.    Completion rates of security training programs.
10.    Reduction in identified vulnerabilities and risks over time.
11.    Compliance with regulatory standards (Cert-In, NIST, ISO, DPDP) and industry-specific OT security frameworks (e.g., ISA/IEC 62443).

KEY ACCOUNTABILITIES - Additional Details

Foster a culture of security awareness and compliance throughout the organization, including OT systems and their integration with IT    
Ensure compliance with relevant regulatory requirements, industry standards, and best practices related to information security in airport and energy sectors    
Collaborate with IT and OT teams to implement and manage security technologies, including firewalls, intrusion detection systems, endpoint protection, and specialized OT security solutions.

Monitor security infrastructure for vulnerabilities and recommend improvements to enhance overall security posture in both IT and OT domains.    
Coordinate testing and validation of contingency plans to ensure readiness for potential disruptions or disasters affecting critical infrastructure    
Plan, build and deliver Information Security services and initiatives to:
•    support Information security compliance activities and audits, including regular policies and configuration reviews
•    run projects for security capability / maturity improvement in line with group’s Information security vision
•    deliver point services such as vulnerability assessments, project risk assessments, architecture reviews
•    perform technical security review (infra, apps, processes) for business/ technology initiatives and any changes to the environment
    
Advise business stakeholders on how to achieve the relevant Information security controls and assist with solutions to support them.
    
Effectively represent business in front of Government sectoral and nodal cybersecurity and investigative agencies like Bureau of Civil Aviation Security (BCAS), National Critical Information Infrastructure Protection Center (NCIIPC), Cert-IN, CBI etc.    

INTERNAL INTERACTIONS

Internal - Roles you need to interact with inside the organization to enable success in your day-to-day work
Human Resources (Manager or other applicable roles) – To enable processes related to user awareness.
Facilities Management (Manager or other applicable roles) – To enable processes related to Physical Security.
Legal and Compliance (Manager or other applicable roles) – To enable implementation of Legal and Compliance requirements such as IT Act.
Ethics and Integrity (Manager or other applicable roles) – To facilitate investigations.
External Corporate Communications (Manager or other applicable roles) – To ensure public facing websites are secure.

EXTERNAL INTERACTIONS

External - Roles you need to interact with outside the organization to enable success in your day-to-day work
Consulting partner who manages security solutions and processes of GMR
OEMs whose security solutions are implemented / planned to be implemented
Government agencies such as Cert-IN, NCIIPC etc.
 

FINANCIAL DIMENSIONS

• Ensure cost within the AOP

OTHER DIMENSIONS

• Handling Outsourced local IT Helpdesk & BMC Helpdesk at Bangalore (Total 2 Nos)
• Vendors (10 Nos)

EDUCATION QUALIFICATIONS

  • Graduate with interest in the area of Information Security / Cyber Security / Network Security / Application Security / Mobile Security

  • Understanding of security frameworks from ISO, OWASP, NIST, Gartner
  • Analytical and problem solving ability
  • Graduate (B.E, B Tech) with expertise in areas of IT Security / Cyber Security / Network Security / Information Security
  • Security certifications such as CEH, CISSP, CISM, ECSA etc.
  • Security experience in areas/tools related to Network, Wireless, Mobile, Cloud or SIEM solutions

  • Excellent analytical and problem solving ability.

RELEVANT EXPERIENCE

  • Relevant experience – 8 – 10 years in Cybersecurity.
  • Total experience –   approx. 15 years
  • Has worked in capacity of Information Security Manager / Leader for organization of similar complexity. Else worked in the top team of the Cybersecurity organization in an organization of repute.
  • Must have skills: Information Security, Network & Application Security, CEH, CISSP

COMPETENCIES

  • Networking
  • Personal Effectiveness
  • Teamwork & Interpersonal influence
  • Stakeholder Focus
  • Entrepreneurship
  • Capability Building
  • Social Awareness
  • Planning & Decision Making
  • Execution & Results
  • Strategic Orientation
  • Problem Solving & Analytical Thinking