Head – Information System, Audit and Compliance
Job in 695001, Thiruvananthapuram, Kerala, India
Listed on 2026-02-14
Listing for: Muthoot Fincorp Ltd.
Full Time position
Job specializations:
- IT/Tech: Cybersecurity, Information Security
Job Description & How to Apply Below
The Head of Information System, Audit, and Compliance is responsible for ensuring that the organization’s information security governance, risk management, and compliance frameworks are robust, aligned with regulatory requirements, and continuously improved to mitigate risks and enhance security controls. The role will be responsible for overseeing and leading the organization's information security audit and compliance functions across all business units and regions.
The Head will be responsible for developing and executing a strategic audit plan for information security, ensuring adherence to industry standards (such as RBI and other relevant guidelines), and managing a team of skilled auditors. Additionally, the role involves driving operational governance related to information security and audit functions, enabling improvements in efficiency through robust compliance frameworks, and fostering a culture of security awareness and innovation within the team.
The Head will focus on enhancing the skills and capabilities of the information security team while creating an environment that promotes high performance.
KEY RESPONSIBILITIES
Strategic Direction
- Develop and implement a comprehensive information security audit strategy aligned with the organization’s business objectives, risk appetite, and regulatory requirements.
- Ensure the development and execution of the audit framework and annual audit plan/calendar, prioritizing audits based on risk assessments and business impact.
Risk & Compliance
- Review and ensure that information security governance frameworks and policies are well-defined, communicated, and adhered to across MFL.
- Oversee and ensure compliance with regulatory requirements, such as RBI guidelines, ISO 27001, PCI DSS, GDPR, and other relevant standards specific to the Non-Banking Financial Company (NBFC) sector.
- Assess and evaluate the information security risk across business units and implement appropriate controls and mitigation strategies.
- Lead end-to-end audits of MFL’s IT systems, infrastructure, applications, and business processes, focusing on identifying security vulnerabilities, non-compliance issues, and gaps.
- Evaluate the effectiveness of existing controls and security measures, providing recommendations for improvements.
- Ensure periodic reviews of third-party vendors and service providers to confirm they comply with the company’s security standards and regulatory obligations.
- Provide regular updates to the Board on risk and compliance matters, incorporating their feedback into the overall strategy and operational plan.
Stakeholder Management & Reporting
- Collaborate with various business units, including IT, Risk, Legal, and Compliance, to promote awareness and understanding of security audit findings and best practices.
- Work with the business units and functions for ISO certification.
- Work with the external auditors, regulators, and other stakeholders to ensure alignment on compliance-related issues.
- Prepare and present audit reports, findings, and recommendations to senior management and quarterly to the Audit Committee.
Operational Excellence
- Leverage information security practices effectively while driving innovation for efficiency improvements, ensuring that compliance considerations remain central to all initiatives.
- Lead efforts to enhance security and compliance across all existing and future products, services, and processes to maintain a competitive advantage.
- Develop and lead training programs to enhance awareness and understanding of security and compliance within the organization.
- Drive the continuous improvement of information security policies, procedures, and audit methodologies, ensuring they remain relevant and effective in addressing emerging risks.
Team management and capability development
- Develop clear goals for the compliance team and facilitate alignment with broader organizational objectives, regularly reviewing team performance and providing constructive feedback.
- Identify training needs and implement capability-building programs that empower teams to excel and adapt to the evolving regulatory landscape.
- Foster a culture of…