Associate Vice President- Cyber Security

Taj

Job Objective

The Associate Vice President – Cyber Security is responsible for establishing and leading IHCL’s cybersecurity program to protect the company’s information assets, guest data, and critical systems across all hotel operations and digital platforms. This mid-senior role will drive day-to-day security operations – overseeing threat monitoring, incident response, and vulnerability management – while also contributing to the strategic security roadmap to support future business growth and compliance needs. The AVP will ensure proactive defense and rapid incident handling to minimize risk, working within IHCL’s hospitality context to uphold trust and safety for guests and employees. Ultimately, this role’s objective is to continuously enhance IHCL’s security posture (processes, technologies, and policies) in alignment with industry best practices and the Tata Group’s governance standards, enabling secure digital innovation and resilience against evolving cyber threats.

Key Responsibilities

Security Operations & Incident Response:

• Lead the 24×7 outsourced SOC for proactive threat detection and rapid incident handling.
• Act as incident commander during major events and conduct post-incident reviews.

Threat Intelligence & Vulnerability Management:

• Implement real-time threat intelligence programs and oversee VAPT cycles.
• Ensure timely remediation of vulnerabilities across corporate and hotel systems.

Governance, Risk & Compliance:

• Drive compliance with ISO 27001, PCI-DSS, DPDP Act, and other regulations.
• Develop and enforce security policies and frameworks aligned with Tata Group standards.

Data Protection & Privacy:

• Champion guest and employee data protection, ensuring GDPR and DPDP compliance.
• Maintain PCI-DSS adherence for payment security across all properties.

Security Awareness & Training:

• Build a culture of security through training, phishing simulations, and drills.

Technology & Architecture:

• Oversee deployment of SIEM, EDR, IAM, SOAR, and cloud security solutions.
• Ensure secure-by-design principles in all IT and digital initiatives.

Leadership & Vendor Management:

• Mentor InfoSec teams and manage MSSP and third-party vendors for optimal performance.

Key Interfaces

Internal:

External:

Qualifications

• Education:

  Bachelor’s in IT or related field; Master’s preferred.

• Certifications:

  CISSP/CISM preferred; CEH, GIAC, CISA advantageous.

• Experience:

  10+ years in InfoSec, 5+ years in leadership roles.
• Hands-on SOC and incident response experience.
• Hospitality industry experience is a plus.

Behavioral Competencies

The candidate must demonstrate strong leadership and interpersonal skills. They should be able to inspire and guide teams, influence stakeholders across levels, and foster collaboration across departments. Analytical thinking is essential for solving complex problems under pressure, while clear communication skills are needed to translate technical issues into business language for non-technical audiences. A strategic mindset will help align cybersecurity initiatives with IHCL’s long-term goals, and adaptability is crucial in responding to evolving threats. Integrity and accountability are foundational, ensuring ethical decision-making and ownership of outcomes.

Functional / Technical Competencies

This role demands deep expertise in incident response, including containment, recovery, and forensic analysis. The candidate should be proficient in managing Security Operations Centers (SOC), using SIEM tools for monitoring and alerting. They must be skilled in conducting risk assessments and managing vulnerabilities, ensuring timely remediation. Familiarity with security frameworks like NIST, ISO 27001, and compliance standards such as PCI-DSS and DPDP is essential. A strong grasp of network, cloud, and application security is required, especially in hybrid environments and hotel technologies. The AVP should be experienced in deploying and managing tools like EDR, IAM, SOAR, and DLP, and capable of integrating threat intelligence into proactive defense strategies. Data protection expertise, including encryption and access control, is also critical to safeguard guest and employee information.