Chief Information Security Officer

Position Overview

The Chief Information Security Officer (CISO) is responsible for driving the organizations cyber security strategy and ensuring compliance with applicable regulatory and statutory requirements, including the Reserve Bank of India (RBI) guidelines, ISO 27001, and other relevant standards. The CISO enforces policies to protect the organizations information assets, coordinates cyber security-related matters internally and externally, and ensures the effective operation of security technologies and processes. The role involves oversight of the Security Operations Centre (SOC), leading cyber security projects, and reporting on the organizations cyber security posture to senior management and the Board.

Key Responsibilities

• Drive the organizations cyber security strategy in alignment with business and regulatory
  requirements

  .

• Ensure compliance with RBIs extant regulatory/statutory instructions on information and cyber security.

• Enforce and oversee implementation of information security policies and frameworks to safeguard information assets.
• Coordinate cyber security-related matters within the organization and with relevant external agencies/regulators.
• Act as a permanent invitee to the IT Strategy Committee (ITSC) and IT Steering
• Manage and monitor the Security Operations Centre (SOC) to ensure effective detection, response, and resolution of cyber threats.
• Lead and drive cyber security-related projects and
• Ensure effective functioning and continuous improvement of deployed security solutions (e.g., SIEM, EDR, DLP, firewalls, email gateways).
• Place a quarterly review of cyber security risks, arrangements, and preparedness before the Board, Risk Management Committee of the Board (RMCB), and ITSC.
• Oversee incident management and breach reporting in line with regulatory

Skills & Competencies

• Strong understanding of RBIs cyber security guidelines, ISO 27001, NIST CSF, and other security frameworks.

• Proven leadership and stakeholder management
• Expertise in cyber risk assessment, vulnerability management, and incident
• Strong analytical, problem-solving, and decision-making
• Excellent communication and presentation abilities for Board and regulatory
• Ability to manage large-scale security operations and

Pre-Requisites:

• Education: Bachelor or Master degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Certifications: CISSP, CISM, CISA, CRISC, ISO 27001 LA/LI, or equivalent (preferred).
• Experience: Minimum 1015 years of IT/Information Security experience, with at least 5 years in a senior leadership role handling cyber security, governance, risk, and compliance functions, preferably in the financial services sector and capability to manage IT Infrastructure.