Chief Information Security Officer

10 - 20 years

5 - 15 Lacs

Posted: 17 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Job Title:

Reports To:

Location:

Job Type:

1. Overview

Chief Information Security Officer (CISO)

2. Roles and Responsibilities

The CISO will be responsible for a wide range of cybersecurity and governance functions. Key responsibilities include:

2.1 Threat Landscape Management

Regularly update the threat landscape and stay informed on emerging threats and technology developments.

2.2

  • Draft and maintain comprehensive security policies:
    • Information Security Policy
    • Data Governance & Classification
    • Access Control
    • Asset Management
    • Risk Management & SoA
    • Cryptography
    • Communication Security
    • Incident Management
    • Security Awareness Programs
  • Conduct regular reviews and updates to security documents and acceptable communication rules.

2.3–2.4 Security Architecture & Risk Management

  • Design security architecture leveraging the latest technology.
  • Define and maintain risk assessment and mitigation frameworks.

2.5 Regulatory Coordination

  • Act as a liaison with CERT-In and other regulatory bodies.

2.6

  • Regularly conduct:
    • Log reviews & exception reporting
    • Quarterly VAPT (Vulnerability Assessment and Penetration Testing)
    • Annual WASA and application whitelisting
    • SDLC audits & code reviews
    • IT Security Audits ensuring:
      • No unsupported OS
      • Patch management and hardening
      • Secure software development
      • Citizen/customer data privacy

2.7 Third-Party Risk Management

Perform regular audits of third-party service providers.

2.8 Time Synchronisation Certification

NTP is synchronized with the National Physical Laboratory

2.9–2.10 Device & Software Guidelines

  • Periodic review and enforcement of:
    • Device hardening
    • Antivirus/malware protection
    • Acceptable Use Policies for all software and freeware

2.11 IT Governance Framework Implementation

  • Adopt and implement processes for:
    • Change Management
    • Configuration Management
    • Incident & Problem Management

2.12 Infrastructure Maintenance

Ensure systems are up to date and under active support for patches and security.

2.13–2.14 Procurement and Contracting

  • Include security clauses in all contracts/MoUs.
  • Obtain management approval for urgent cybersecurity-related procurements.

2.15 Incident Response & Crisis Management

  • Develop scenario-based Incident Response Plans including:
    • Containment
    • RCA (Root Cause Analysis)
    • Forensics
    • CERT-In Reporting
    • Repeat incident analysis

2.16–2.18 Stakeholder Coordination & Reporting

  • Coordinate internally and externally on security matters.
  • Provide periodic reporting to leadership covering:
    • CIA assessments
    • Risk management and remediation
    • Incident impacts

2.17 Cyber Crisis Management Group (CCMG)

Mandatory:

  • Establish CCMG chaired by head of organization.
  • Maintain updated crisis contact lists.
  • Implement Cyber Crisis Management Plan (CCMP) with periodic drills.

2.19 ICT Disaster Recovery & Incident Management

Mandatory:

  • Coordinate response and legal readiness.
  • Ensure compliance with CERT-In guidelines.
  • Analyze and prevent recurrence of incidents.

3. Qualifications

Education & Experience (Mandatory)

  • Bachelor’s degree in Electronics/Computer Science (BE/BTech)

  • Minimum 10 years of post-qualification experience in cybersecurity/IT roles within Central/State Government services.

Desirable Certifications

  • Certified Information Systems Auditor (CISA)

  • ISMS Lead Auditor (STQC or equivalent Government-recognised)

4. Skills & Competencies

  • Strong understanding of cybersecurity principles, best practices, and tools

  • Knowledge of regulatory and compliance frameworks

  • Excellent leadership, communication, and stakeholder management

  • Ability to operate effectively under pressure, especially during crisis situations

Mandatory Highlights Summary (for quick reference):

  • 10+ years of relevant Govt. experience
  • BE/BTech (Mandatory)
  • VAPT (Quarterly), WASA (Annually), and regular audits
  • NTP sync with National Physical Laboratory
  • CERT-In coordination & incident reporting
  • CCMG formation and disaster recovery simulations
  • Inclusion of security clauses in all contracts
  • Security certifications like CISA / ISMS Lead Auditor (Desirable)
