- Experience: Any
- Salary: —
- Openings: 1
- Posted: 3 days ago
- Work mode: In office
- Eligibility: Professionals interested in information security, governance, vendor risk, legal-compliance coordination, and AI security within a corporate environment can apply.
- Resume: Required to apply
Job description
Role Summary
This position supports information security governance, risk management, and compliance across the business. The role is focused on making sure security controls, vendor due diligence, legal protections, audit readiness, and AI-related safeguards are consistently applied and maintained.
Key Responsibilities
The job covers governance, risk, compliance, third-party security, legal review, audit coordination, and reporting. It also requires close attention to regulatory expectations and ongoing improvements in security practices.
- Run governance, risk, and compliance reviews covering security controls, business continuity, incident response, and documentation.
- Assess third parties, including vendors and AI service providers, through questionnaires, audits, contract checks, and ongoing monitoring.
- Review intermediary controls and oversight arrangements to confirm safe handling of data and alignment with policy requirements.
- Examine contracts and agreements to ensure the inclusion of security, privacy, AI governance, breach notification, and regulatory clauses.
- Work with internal teams and external parties to support audits, remediation tracking, and closure of findings.
- Prepare reports on security posture, open risks, remediation progress, and compliance status for stakeholders.
- Track changes in cyber threats, laws, and standards, and update controls and practices accordingly.
- Support ethical AI use by checking transparency, bias mitigation, security controls, accountability, and incident response readiness.
Job Context and Challenges
The position operates in a fast-changing environment where security governance must keep pace with evolving regulations, new technologies, and business needs. Success depends on balancing strict control requirements with operational efficiency while coordinating across many functions.
- Aligning security requirements with business priorities across departments such as IT, legal, HR, compliance, and business units.
- Staying current with changing cyber risks and ensuring controls remain effective, including AI security measures.
- Handling detailed documentation, remediation tracking, and audit preparedness despite frequent changes.
- Maintaining awareness and training efforts so staff understand new risks and compliance obligations.
- Managing vendor and intermediary assessments across different technology maturity levels and regulatory environments.
- Embedding security, privacy, and AI-related protections into contracts and managing associated liability concerns.
Scope of the Role
The role supports a workforce of 8,500 employees across the business unit, function, and department. It also involves oversight of a broad vendor ecosystem, frequent reviews of legal agreements, and coordination of multiple audits each year.
- Employee base in scope: 8,500 across ABHICL.
- Vendor and third-party oversight spans multiple service providers, including AI vendors, intermediaries, and contractors.
- Reviewing a high volume of contracts annually, often numbering in the hundreds.
- Supporting compliance with Indian cybersecurity and privacy requirements, including IRDAI and DPDPA.
- Coordinating recurring internal and external audits covering GRCA, TPRM, intermediaries, and AI compliance.
Key Result Areas
- Establish and maintain information security governance through policies, controls, audits, and ongoing monitoring.
- Conduct risk and compliance assessments, manage remediation actions, and close audit findings in a timely manner.
- Evaluate and monitor vendors, third parties, and AI service providers before and after onboarding.
- Review contracts with legal and compliance teams to confirm security, privacy, and AI governance protections.
- Provide clear reporting on risks, audit status, and security performance to relevant stakeholders.
- Monitor emerging threats and regulatory changes, then drive improvements to strengthen the security posture.
- Promote ethical AI and automation practices that are transparent, accountable, and free from avoidable bias.
- Plan and manage internal and external audits, including follow-up on non-compliance observations.
- Ensure company practices remain aligned with changing standards and legal requirements such as IRDAI and DPDPA.
Stakeholder Relationships
This role requires regular coordination with internal teams and external parties to deliver security and compliance objectives.
- Legal team: contract review and legal compliance support.
- IT department: deployment of security controls and incident response coordination.
- Compliance and business teams: regulatory adherence and audit coordination.
- Auditors: periodic security and compliance reviews.
- Business units and customers: gathering security requirements and reviewing risk impact.
- Incident response teams: supporting security incident management and resolution.
- Vendors and third-party providers: security assessment and continuous compliance monitoring.
- AI vendors: governance review, risk reduction, and transparency checks.
- Regulatory authorities: audit-cycle compliance reporting.
Additional Information
Position number: 9
Business unit: Aditya Birla Health Insurance
Effective date: 29-10-2025
Manager: Shrikant Iyer
Job holder: Jaya Pathak
Job template reference: Annexure I: ABG Job Description Template, HayGroup Job Description Template 2024, Version 1.1