Tata Communications
Website: tatacommunications.com
Job details:
About The Company
Tata Communications Redefines Connectivity with Innovation and Intelligence. Driving the next level of intelligence powered by Cloud, Mobility, Internet of Things, Collaboration, Security, Media services and Network services, we at Tata Communications are envisaging a New World of Communications.
Deputy General Manager (DGM) – Cyber Security Governance, Risk, and Compliance (GRC)
The Deputy General Manager of Cyber Security GRC is a high-impact leadership position responsible for the strategic design, implementation, and oversight of the enterprise-wide Cyber Security Risk and Governance Framework. Operating within a complex global environment encompassing 10+ product lines and 39+ global locations, this leader serves as the primary custodian of organizational trust, ensuring that security posture is not only compliant with international standards like ISO 27001 and SOC 2 Type II but also aligned with evolving global regulations and business objectives.
This is a business-aligned leadership role that bridges the gap between technical security requirements and executive decision-making. The DGM will orchestrate a sophisticated assurance ecosystem—balancing internal governance, third-party risk, and customer-facing security transparency—to provide the Board and CXOs with a consolidated, intelligence-driven view of the organization’s cyber risk profile.
Strategic Responsibilities
- Governance Architecture: Define and evolve the enterprise GRC operating model to support digital products, cloud platforms, and telecom infrastructure.
- Strategic Alignment: Align the cyber security roadmap with global regulatory shifts (DORA, GDPR, DPDP) and business growth objectives.
- Business Security & Privacy Office (BSPO): Direct the governance of the BSPO framework to embed security and privacy-by-design across all business units.
Governance & Compliance Responsibilities
- Multi-Standard Oversight: Lead the end-to-end certification lifecycle for ISO 27001 and SOC 2 Type II across 39 global locations and 10+ product portfolios.
- Lab & Specialized Environment Governance: Establish and govern compliance frameworks for Lab networks, ensuring technology and process assurance through rigorous auditing.
- Policy Orchestration: Maintain and enforce the Enterprise Information Security Management System (ISMS), ensuring relevance in a multi-cloud and managed services environment.
Risk Management Responsibilities
- Enterprise Risk Ownership: Own the Cyber Security Risk Management Framework, overseeing the full lifecycle from identification to executive risk acceptance.
- Risk Consolidation: Synthesize disparate risk data into a unified enterprise risk register, providing a "single pane of glass" view for senior management.
- Quantitative Risk Analysis: Shift risk reporting from qualitative assessments to data-driven, actionable risk intelligence.
Stakeholder & Customer Assurance Responsibilities
- Customer Trust Leadership: Act as the executive point of contact for customer security assurance, leading responses to complex RFPs, RFIs, and security questionnaires.
- Sales Enablement: Partner with business development teams to articulate the organization’s security value proposition to Tier-1 global clients.
Audit & Regulatory Responsibilities
- 360-Degree Audit Governance: Manage the execution of 1st-party (internal), 2nd-party (customer/vendor), and 3rd-party (certification/regulatory) audits.
- Third-Party Risk Management (TPRM): Govern the "Security for Suppliers" framework to ensure the supply chain adheres to enterprise resilience standards.
- Regulatory Liaison: Manage interactions with global regulators and legal teams to ensure compliance with critical infrastructure and data protection mandates.
Leadership & Reporting Responsibilities
- Executive Reporting: Develop and present board-level dashboards, KRIs, and KPIs that translate technical risk into business impact.
- Cross-Functional Influence: Collaborate with Legal, Procurement, Product Engineering, and IT leadership to drive a culture of accountable governance.
Required Qualifications & Experience
- Experience: 18–25+ years of progressive experience in Information Security, with at least 8 years in a senior GRC leadership capacity within a global enterprise.
- Education: Bachelor’s/Master’s degree in Computer Science, Information Technology, or a related field. MBA or advanced management degree is highly preferred.
- Industry Background: Proven track record in Telecom, Managed Services, Cloud Platforms, or highly regulated global industries.
Technical & Regulatory Expertise
- Framework Mastery: Expert-level knowledge of ISO 27001, SOC 2 Type II, NIST CSF, and Cloud Security principles.
- Regulatory Command: Deep understanding of GDPR, DORA, India’s DPDP Act, and international telecom security regulations.
- Ecosystem Knowledge: Familiarity with the security challenges of Lab environments, CI/CD pipelines, and hybrid-cloud architectures.
Leadership Competencies
- Executive Presence: Ability to engage and influence CXOs, Board members, and external Regulators.
- Strategic Vision: Capacity to anticipate industry trends and pivot governance frameworks accordingly.
- Conflict Resolution: Proven ability to balance stringent security requirements with business agility and speed-to-market.
Preferred Certifications
- Core: CISSP, CISM, or CRISC.
- Audit/Governance: CISA, ISO 27001 Lead Auditor/Implementer.
- Cloud/Privacy: CCSK, CCSP, or CIPP/E.
Success Indicators / KPIs
- Zero Critical Non-Conformities: Successful maintenance of all ISO 27001 and SOC 2 certifications across all locations.
- Assurance Cycle Time: Reduction in lead time for responding to customer security RFPs and audits.
- Risk Mitigation Efficacy: Measurable improvement in the organization’s risk posture through the closure of high-impact risk items.
- TPRM Maturity: Percentage of critical suppliers verified against the Security for Suppliers framework.
- Stakeholder Satisfaction: Positive feedback from business unit leaders on the clarity and utility of GRC reporting.