Job Description

Role and Responsibilities:
Audit Representation:

• Act as the primary representative for NPCI and customer audits related to information and

cyber security.
Cybersecurity Governance:

• Drive the organization's cybersecurity strategy and ensure compliance with applicable

regulatory/statutory guidelines, particularly those from RBI and NPCI.

• Present cyber security risks, initiatives, and preparedness to the Board and its Committees

periodically.
Policy Enforcement & Risk Management:

• Develop, enforce, and review security policies and controls to protect the organizationxe2x80x99s

information assets.

• Conduct regular risk assessments and manage vulnerability assessments.
• Lead the response to emerging threats, incidents, and vulnerabilities.

Security Operations:

• Establish and enforce information security policies, procedures, and controls.
• Develop and manage data classification and handling policies, ensuring data protection by

design and by default

• Oversee and monitor the Security Operations Centre (SOC).
• Ensure all security solutions are functioning effectively.
• Drive key cybersecurity projects and ensure timely execution.

Strategic Planning:

• Identify security goals aligned with business needs
• Define and monitor implementation strategies and cybersecurity initiatives.
• Estimate and manage the cybersecurity budget and required resources.

Compliance & Standards:

• Ensure adherence to standards such as ISO 27001, PCI DSS, and RBI cybersecurity guidelines.
• Manage exception handling and ensure compliance across all departments

Incident Response & Resilience:

• Plan, manage, and review information/cyber security incidents.
• Strengthen the organization's cyber resilience framework.

JD - CISOTraining & Awareness:

• Provide regular security awareness training to employees and stakeholders

Stakeholder Engagement

• Advise senior management on security architecture and technology decisions
• Collaborate effectively with IT teams, compliance, and external partners on security matters

Budgeting and Resource Management

• Manage the information security and cybersecurity budget, including investments in tools,

services, and personnel.

• Build, retain, and lead a skilled security team, including hiring, training, and performance

management.
Reporting and Communication

• Report security metrics, incidents, and risk posture to executive leadership and boards.
• Act as the primary liaison for regulatory bodies, legal teams, and law enforcement in matters

of cybersecurity

Acura Solutions