Formulate and implement Information Security and Cyber security risk management policies

Provide relevant information to CRO regarding the information Security and Cyber risks

For the relevant functional risks, identify, analyze and report the following to the CRO and CEO along with recommended action plan for:

• o   Early warning signals

• o   Emerging risks

• o   Major findings
  Ensure escalation of such incidents to CEO / CRO

Ensure adherence to the guidelines pertinent to SEBI in respect of RMF and relevant principles thereunder including risk identification, risk management, risk reporting (both periodic and escalation of material incident) and corrective actions taken.

Responsible for the governance (incl. reputation and conduct risk associated for the respective function)

Maintaining risk level as per the risk metric

Define specific responsibilities regarding risk management of key personnel reporting to CISO

Undertake immediate corrective action for non-compliance or major finding post approval from CEO as per DoP and shall report to CRO regarding the risk reports.

Perform adequate due diligence of outsourced vendors prior to onboarding

Ensure periodic assessment of outsourced vendors considering following elements:

• o   Review of vendors' people, systems and processes

• o   Documentation and communication of error tolerance and code of conduct and monitoring breaches

• o   Monitor fraud vulnerabilities in the outsourced process