Chief Information Security Officer

Job Description:

The job purpose is to lead and implement comprehensive cybersecurity and information security

initiatives, including policy development, risk assessment, incident management, and compliance.

Responsible for data privacy protection, infrastructure security, vendor management, and fostering a

security-conscious culture.

Roles and Responsibilities:

1. Security Strategy & Governance:

▪ Define and implement enterprise-wide information security strategies and policies.

▪ Establish security frameworks, ensuring alignment with business objectives.

▪ Oversee security governance, risk, and compliance (GRC) programs.

▪ The CISO will be a member of the Information Security Risk Management Committee which

will be responsible for development and implementation of information/cyber security

policies, monitoring information security projects/awareness initiatives and reviewing cyber

incidents, information systems audit observations, monitoring and mitigation activities.

2. Cybersecurity & Risk Management:

▪ Identify, assess, and mitigate cybersecurity threats and vulnerabilities.

▪ Implement security controls to protect critical assets, applications, and data.

▪ Monitor emerging security threats and ensure proactive risk mitigation.

▪ Application security and Vendor risk assessment standards

▪ Technology risk Assessment

3. Compliance & Regulatory Requirements:

▪ Ensure compliance with industry regulations (ISO 27001, NIST, GDPR, PCI-DSS, etc.).

▪ Work with auditors, regulators, and stakeholders to ensure legal compliance.

▪ Drive security awareness programs across the organization.

4. Incident Response & Crisis Management:

▪ Develop and manage cybersecurity incident response plans.

▪ Lead investigations into security breaches and cyber incidents.

▪ Coordinate disaster recovery and business continuity planning.

5. Technology & Security Architecture:

▪ Oversee security architecture for cloud, network, application, and endpoint security.

▪ Evaluate and implement security tools such as SIEM, IAM, DLP, and endpoint protection.

▪ Work closely with IT and DevOps teams to integrate security best practices.

6. Leadership & Stakeholder Collaboration:

▪ Lead and mentor a team of cybersecurity professionals.

▪ Collaborate with executive leadership to align security strategies with business

goals.▪ Report security, risks, and recommendations to senior management and the board.

Skills Required

▪ Bachelor’s degree in computer science, Computer Engineering, or a related field.

▪ CISM, CISSP, CISA, CCSP Certified / ISO 27001 Certified Lead Implemented / Lead Auditor

▪ Forensics capability

▪ Project Governance and Project risk management standards including methodology for

assessing project risks and reporting project risks to IS Team

▪ A proven ability to manage and monitor program timelines, deliverables, budgets and

financial performance

Relevant Experience

• Experience and exposure to Information/cyber Security in a professional enterprise and minimum

15-18 year's managing Information Security standards in financial services or banking industry with

exposure to ISO 27001:2013, COBIT, PCIDSS standards.

• Systems Forcepoint, Zscaler, F5, Microsoft Azure WAF, Virsec, CISCO, Sonic Wall, Applications like

Apache Tomcat, IIS etc, Business Applications like Core Banking Systems, Securities System, Web and

Mobile Applications.

• The CISO Responsibilities as per the IRDAI Information and Cyber Security Guidelines.