10-15 years, with minimum 5 years in NBFC/financial services
Position Summary
The Chief Information Security Officer (CISO) is a CXO-level executive responsible for establishing and leading the organization's information security vision, strategy, and governance framework. The CISO ensures the confidentiality, integrity, and availability of the organization's information assets, in alignment with RBI regulations, business objectives, and industry best practices. This role oversees enterprise-wide cybersecurity initiatives, regulatory compliance, and risk management, while fostering a strong security culture across the organization.
Key Responsibilities
1. Information Security Strategy & Governance
Develop and implement a comprehensive enterprise information security strategy, framework, and governance model.
Ensure alignment with regulatory requirements including
RBI Cyber Security Framework for NBFCs, ISO 27001, IT Act, DPDP, and CERT-IN guidelines
.
Define security policies, standards, and procedures to mitigate risks and safeguard critical information assets.
2. Regulatory Compliance & Risk Management
Drive compliance with regulatory and statutory requirements, including RBI, CERT-IN, and industry best practices.
Lead enterprise-wide cyber risk assessments, vulnerability management, and penetration testing initiatives.
Manage third-party and vendor risk, ensuring secure integrations with cloud and fintech partners.
3. Incident Response, Business Continuity & Resilience
Develop, maintain, and test
Incident Response, Business Continuity, and Disaster Recovery Plans
.
Ensure rapid and effective response to cyber incidents and minimize business disruption.
Implement data security, encryption, and access control measures across all business units.
4. Security Operations & Infrastructure Oversight
Oversee IT security operations including firewall management, patching, endpoint protection, and service monitoring.
Establish secure IT infrastructure, ensuring operational resilience and continuous monitoring.
5. Leadership & Culture Development
Lead, mentor, and develop the cybersecurity team, fostering a high-performance culture.
Build awareness and training programs to promote cybersecurity, fraud prevention, and best practices organization-wide.
6. Stakeholder Engagement & Reporting
Serve as the primary interface with regulators, auditors, and risk committees on cybersecurity matters.
Provide regular reports to the Board and Risk Committee on cyber posture, risks, incidents, and mitigation strategies.
Collaborate closely with IT, risk management, compliance, and business leaders to integrate security into strategic initiatives.
Candidate Profile
Educational Qualifications:
Bachelor's degree in Engineering (BE/B.Tech) and/or MCA (or equivalent).
Relevant certifications such as
CISM, CISSP, CISA, ISO 27001 Lead Implementer/Auditor
.
Professional Experience:
10-15 years of progressive experience in information security, including
at least 5 years in NBFCs, banks, or financial services
.
Proven experience in
information security strategy development
, policy formulation, and implementation.
Hands-on experience in
IT security operations, BCP/DR planning, and regulatory compliance
.
Demonstrated success in leading security infrastructure projects and establishing enterprise-wide security controls.
Strong experience in stakeholder management, including direct engagement with Boards, Risk Committees, and regulators.
Ability to foster an organizational culture of security awareness and proactive risk management.
Key Competencies & Attributes
Strategic thinking with strong business acumen.
Deep understanding of regulatory frameworks applicable to NBFCs and financial services.
Exceptional leadership and people management skills.
Excellent communication and stakeholder management capabilities.
* Proactive approach to emerging cybersecurity threats and technology trends.
Beware of fraud agents! do not pay money to get a job
MNCJobsIndia.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.