Chief Information Security Officer (CISO)

As the Chief Information Security Officer (CISO) at Lakshya Asset Management Company, your role involves developing and implementing the information security framework to safeguard the digital assets, client data, and trading systems. You are expected to be a seasoned leader with expertise in cybersecurity, data protection, SEBI guidelines, RBI cybersecurity frameworks, and BFSI compliance. **Key Responsibilities:** - Formulate, implement, and maintain an enterprise-wide information security strategy aligned with business goals and regulatory obligations. - Define and enforce cybersecurity policies, standards, and procedures. - Establish a Cybersecurity Governance Framework in line with SEBI, RBI, and AMFI regulations. - Ensure adherence to SEBI Cybersecurity & Cyber Resilience Framework for Asset Management Companies. - Oversee compliance with relevant global and domestic regulations (ISO 27001, GDPR, SOC 2, CERT-In, etc.). - Conduct risk assessments, vulnerability scans, and penetration testing. - Manage regulatory audits and liaise with SEBI, NSE, BSE, RBI, and statutory bodies. - Oversee security of trading platforms, investment management systems, and client databases. - Implement tools for threat detection, incident response, and disaster recovery. - Build and manage a Security Operations Center (SOC) for 24x7 monitoring. - Ensure secure deployment of cloud platforms, APIs, and third-party integrations. - Develop and execute incident response plans for cyber breaches. - Lead forensic investigations and coordinate with regulatory authorities. - Conduct tabletop exercises and crisis management drills. **Qualifications & Experience:** - Bachelors/Masters degree in Computer Science, IT, Cybersecurity, or related fields. - 10-15 years of professional experience in information security, with minimum 5 years in a leadership role in BFSI or Asset Management. - Certifications such as CISSP, CISM, CISA, CRISC, CEH, or ISO 27001 Lead Auditor are highly desirable. - Experience in regulatory compliance with SEBI, RBI, NSE, BSE, and AMFI standards. In addition to the above, proficiency in firewalls, IDS/IPS, SIEM, encryption, cloud security, identity & access management (IAM) is essential for this role.,