3,482 Ciso jobs in India

1. Role Objective:

The incumbent will work closely with the Group Chief Information Security Officer and Country Manager India in efficient formulation, implementation and management of the Bank's information security policy(s) and compliance programs pertaining to India Operations. The incumbent will ensure efficient management of Information Security Governance, in line with the Reserve Bank of India and other statutory / regulatory bodies governing our India operations.

The job holder will coordinate and execute the information security management system program (ISMS), Security operations, VAPT program, Red team program, Update RBI Daksh portal returns before deadline and Cyber security Framework implementation. The job holder will also ensure that risk management needs in relation to information security, including but not limited to incident response, access control, business continuity and disaster recovery are duly and promptly

addressed. This role requires extensive coordination and teamwork with inter and intra department officials.

2. Detailed Roles and Responsibilities:

STRATEGIC

· Responsible for all cyber security governance framework along with other activities related to information and cyber security aspects as per the directions from Group Chief Information Security Officer.

· Contribute towards formulation of annual strategies, policies, and procedures of the Information Security Section, to support divisional and organizational business strategy.

· Ensure that the Information Security plans are within agreed budgets and timescales. Assist the Country Manager & Group Chief Information Security Officer in preparing/providing timely, accurate and complete progress reports to the Management reviews, RBI, IBA, IDRBT, CERT-In, CSITE etc.

· Update self on the IT/security industry trends, new solutions and techniques, as well as emerging threats and regulatory requirements/changes set by QCB and other relevant government bodies, and suggest adequate changes in the section, including but not limited to staffing of employees, department deliverables etc.

· Develop and maintain robust working relationships with internal/external stakeholders of Doha Bank to facilitate functional / operational/ strategic needs.

· Develop and maintain various performance monitoring check lists as required by ISO27001 /RBI Cyber security Framework for IT and other operations.

· Responsible for managing RBI - CSITE advisories, circulars, policy development, security operation centre (SOC), vulnerability assessment and penetration testing etc.

· Member of Bank’s India Management Committee and Risk Management Committee where information security related risks, gaps and remedial measures are discussed and tabled.

OPERATIONAL

· Complete ownership of Security compliance requirements of all systems /servers pertaining to India operations.

· Ensure successful execution of ISO27001 & PCI-DSS and other industry certifications and governance of the certification programs and reporting the progress to management.

· Perform all activities, as assigned by the Country Manager and Group Chief Information Security Officer, in compliance with relevant local/ foreign regulations, internal Information security policies and procedures as required for strategic partnership or delivery of Banking services.

· Review and ensure that the Information Security processes within Doha Bank, India are operating effectively and efficiently towards achieving high operating standards.

· Perform gap analysis of business operation to ascertain the magnitude of results in terms of non-compliance by the business/support functions with the statutory and regulatory requirements.

· Liaise with external consultants appointed from time to time in assessing the adequacy and effectiveness of the Bank's information security efforts.

· Perform the Risk assessment which would include identification, assessment, monitoring and reporting of key information security risks and prepare the mitigating controls. Regularly follow-up with Operational departments such as IT and Admin on implementing the mitigating controls with appropriate escalation.

· Review and follow-up of Compliance with time-to-time applicable laws and regulatory requirements, third party partners such as CSITE, RBI, NABARD, GOI, State Governments, SWIFT, VISA and Master card.

· Ensuring Regular VAPT assessments / PCI / ISO27001 assessments, Internal, external audits are properly planned and carried out. Also track the compliance and provide update / escalation to appropriate authorities. Need to Maintain update dashboard.

· Track and update progress on the Internal /external Audit and VAPT observations and present suitable to Top Management, highlighting the high-risk areas and dependencies.

· Manage and review Information Security analyses and submit assessment reports on adequacy of control in accordance with policies, standards, procedures to safeguard Bank's assets.

· Depict threats and mitigation options to executive management and preparation of periodic (applicable weekly/ monthly /quarterly) Dashboards, reports, memo, agenda items to Information Security council, Risk Management Committee, Audit Committee of the Board and further compliance of directions.

· Review all data being generated from periodic threat assessments and ensure maximum accuracy. Revalidate observations with technical stakeholders and ensure that the observations from periodic assessments are accurate and complained.

· Collection and consolidation of data required for monthly /quarterly /Half yearly / yearly - Report submissions / any other compliance reports as required by RBI and its appointed organizations / entities.

· Submit periodic reports / data pertaining to India operations as required by Information Security section, Head office including Bank’s defined internal KRI’s.

· Ensure threats and mitigation measures are correctly populated into the threat register with accurate estimated dates of compliance and threat ratings as per group’s methodology.

· Participate actively during internal/external audits and regulatory reviews and ensure implementation of remediation actions on account of the findings reported.

· Participate in the development and implementation of the Bank's information security policies and procedures and ensure their timely update considering changing circumstances/ best practices/ Regulatory directives.

· Assist the Group Chief Information Security Officer and work closely with the India IT / ITD at Head office on the design and development of Information security or disaster recovery systems.

· Development and implementation of an ongoing risk assessment program targeting information security and privacy matters, and recommend methods for vulnerability detection and remediation and oversee vulnerability testing related to India operations.

· Liaise with the Business Continuity Management section, Head office & India IT operations in preparing the organization's disaster recovery and business continuity plans related to information systems.

· Maintain highest standards of confidentiality, professional conduct, ethics and integrity in the provision of services in the section.

· Implement regular online/classroom training programs on information security awareness and conduct effectiveness test for India Operations.

· Perform all operational activities as assigned by the reporting authorities, in compliance with local regulations, Doha Bank’s policies and units/departments approved policies and procedures.

· Support the reporting authorities in on ground implementation of the procedural control measures identified through audit, risk and compliance observations.

· Support in periodically reviewing and updating the RCSAs pertaining to the processes executed within the unit with identified risks and areas for improvement. Also, ensure adherence to the controls defined in the RCSA.

· Support in timely rectification of observations / gaps identified by audit, compliance and risk. · Contribute to the amendments of policies and procedures within the unit, as and when needed.

POSITION SUMMARY:

The incumbent will lead the organization’s cybersecurity function, overseeing threat monitoring, risk assessment, data protection, and incident response. Responsibilities include designing secure IT architectures, governing identity and access controls, implementing risk-mitigation programs, conducting investigations, and ensuring compliance through effective governance.

KEY ACCOUNTABILITIES/ KEY RESPONSIBILITIES:

Security Operations & Incident Response:

• Oversee a robust Security Operations Center (SOC) functionality, potentially outsourced or augmented by automation, to provide real-time monitoring and analysis of immediate cyber threats targeting the organization's systems and data.
• Develop and implement incident response plans, encompassing procedures for timely detection, containment, eradication, and recovery from security breaches or data loss events.
• Lead and coordinate effective responses to security incidents, minimizing downtime and mitigating potential financial and reputational damage to the organization and its clients.

Cyber Risk Management & Intelligence:

• Proactively identify, assess, and mitigate information security risks across the entire IT ecosystem and business processes, including evaluating the risks associated with emerging technologies and digital transformation initiatives.
• Stay abreast of the evolving cyber threat landscape, including targeted attacks, ransomware, and insider threats, and translate complex technical risks into understandable insights for the leadership team and board of directors.
• Develop and maintain a comprehensive risk management framework, incorporating robust risk assessments, vulnerability management, and continuous monitoring to strengthen the organization's security posture.

Data Loss & Fraud Prevention:

• Implement and enforce data protection policies and controls to prevent unauthorized access, misuse, or exfiltration of sensitive client information and organizational data, whether from external sources or internal staff.
• Employ advanced anti-fraud and anomaly detection systems, including transaction monitoring and behavioral pattern analysis, to safeguard financial assets and preserve client trust.

Security Architecture & Engineering:

• Lead the planning, selection, and implementation of security hardware and software solutions, including designing secure network and IT infrastructure aligned with industry best practices and regulatory compliance.
• Develop and maintain a robust and scalable security architecture that supports the organization's digital transformation initiatives and ensures the security of its expanding digital footprint.
• Regularly review and update security systems to ensure their effectiveness against evolving threats and vulnerabilities, prioritizing a proactive approach to security by design rather than a reactive one.

Identity & Access Management (IAM):

• Design and implement an effective Identity and Access Management (IAM) framework to ensure that only authorized personnel have appropriate access to sensitive data, systems, and client information based on the principle of least privilege.
• Enforce strong authentication mechanisms, including Multi-Factor Authentication (MFA), to minimize the risk of unauthorized access due to compromised credentials.
• Regularly audit and review user access privileges to ensure they remain aligned with job functions and organizational policies, promptly revoking access for departing employees and those changing roles.

Security Program Management:

• Develop and implement a comprehensive security program roadmap, encompassing a structured approach to securing the organization's digital infrastructure and promoting a security-first culture across all departments.
• Lead and manage the security team, fostering a culture of continuous learning and professional development, equipping them with the skills to address emerging security challenges.
• Effectively allocate resources, including budget and personnel, to ensure the successful execution of security initiatives and compliance with regulatory requirements.

Investigations & Forensics:

• Lead and oversee investigations into security incidents and data breaches, determining the root cause, assessing the scope of the breach, and collaborating with internal and external parties as needed.
• Conduct forensic analysis to recover and analyze digital evidence, identifying the attackers' methods and supporting legal proceedings or regulatory reporting as necessary.
• Develop and implement corrective measures and lessons learned from security incidents to prevent future occurrences and strengthen the organization's cyber resilience.

Governance & Compliance:

• Establish and maintain a robust information security governance framework that aligns with the organization's objectives, regulatory requirements (including RBI regulations for Microfinance Companies), and industry best practices.
• Ensure continuous compliance with all applicable laws, regulations, and industry standards, including those related to data protection, privacy, and financial operations.
• Act as the primary point of contact for regulatory bodies and internal/external auditors on all information security matters, ensuring transparency and proactive reporting.

DESIRED PROFILE:

Qualifications and Skills

• Experience: 12+ years of relevant work experience with a bachelor’s degree in computer science or related field.
• Should have prior experience in handling Cybersecurity Operations Management, Cyber Risk & Intelligence, Data Protection & Fraud Prevention, Security Architecture, Identity & Access Management, Digital Forensics & Incident Investigation, Governance & Compliance
• Knowledge on RBI regulations related to security is important.
• Cyber Security Certifications are added advantages (CISA, CISSP, CISM)

1. Role Objective:

The incumbent will work closely with the Group Chief Information Security Officer and Country Manager India in efficient formulation, implementation and management of the Bank's information security policy(s) and compliance programs pertaining to India Operations. The incumbent will ensure efficient management of Information Security Governance, in line with the Reserve Bank of India and other statutory / regulatory bodies governing our India operations.

The job holder will coordinate and execute the information security management system program (ISMS), Security operations, VAPT program, Red team program, Update RBI Daksh portal returns before deadline and Cyber security Framework implementation. The job holder will also ensure that risk management needs in relation to information security, including but not limited to incident response, access control, business continuity and disaster recovery are duly and promptly

addressed. This role requires extensive coordination and teamwork with inter and intra department officials.

2. Detailed Roles and Responsibilities:

STRATEGIC

· Responsible for all cyber security governance framework along with other activities related to information and cyber security aspects as per the directions from Group Chief Information Security Officer.

· Contribute towards formulation of annual strategies, policies, and procedures of the Information Security Section, to support divisional and organizational business strategy.

· Ensure that the Information Security plans are within agreed budgets and timescales. Assist the Country Manager & Group Chief Information Security Officer in preparing/providing timely, accurate and complete progress reports to the Management reviews, RBI, IBA, IDRBT, CERT-In, CSITE etc.

· Update self on the IT/security industry trends, new solutions and techniques, as well as emerging threats and regulatory requirements/changes set by QCB and other relevant government bodies, and suggest adequate changes in the section, including but not limited to staffing of employees, department deliverables etc.

· Develop and maintain robust working relationships with internal/external stakeholders of Doha Bank to facilitate functional / operational/ strategic needs.

· Develop and maintain various performance monitoring check lists as required by ISO27001 /RBI Cyber security Framework for IT and other operations.

· Responsible for managing RBI - CSITE advisories, circulars, policy development, security operation centre (SOC), vulnerability assessment and penetration testing etc.

· Member of Bank’s India Management Committee and Risk Management Committee where information security related risks, gaps and remedial measures are discussed and tabled.

OPERATIONAL

· Complete ownership of Security compliance requirements of all systems /servers pertaining to India operations.

· Ensure successful execution of ISO27001 & PCI-DSS and other industry certifications and governance of the certification programs and reporting the progress to management.

· Perform all activities, as assigned by the Country Manager and Group Chief Information Security Officer, in compliance with relevant local/ foreign regulations, internal Information security policies and procedures as required for strategic partnership or delivery of Banking services.

· Review and ensure that the Information Security processes within Doha Bank, India are operating effectively and efficiently towards achieving high operating standards.

· Perform gap analysis of business operation to ascertain the magnitude of results in terms of non-compliance by the business/support functions with the statutory and regulatory requirements.

· Liaise with external consultants appointed from time to time in assessing the adequacy and effectiveness of the Bank's information security efforts.

· Perform the Risk assessment which would include identification, assessment, monitoring and reporting of key information security risks and prepare the mitigating controls. Regularly follow-up with Operational departments such as IT and Admin on implementing the mitigating controls with appropriate escalation.

· Review and follow-up of Compliance with time-to-time applicable laws and regulatory requirements, third party partners such as CSITE, RBI, NABARD, GOI, State Governments, SWIFT, VISA and Master card.

· Ensuring Regular VAPT assessments / PCI / ISO27001 assessments, Internal, external audits are properly planned and carried out. Also track the compliance and provide update / escalation to appropriate authorities. Need to Maintain update dashboard.

· Track and update progress on the Internal /external Audit and VAPT observations and present suitable to Top Management, highlighting the high-risk areas and dependencies.

· Manage and review Information Security analyses and submit assessment reports on adequacy of control in accordance with policies, standards, procedures to safeguard Bank's assets.

· Depict threats and mitigation options to executive management and preparation of periodic (applicable weekly/ monthly /quarterly) Dashboards, reports, memo, agenda items to Information Security council, Risk Management Committee, Audit Committee of the Board and further compliance of directions.

· Review all data being generated from periodic threat assessments and ensure maximum accuracy. Revalidate observations with technical stakeholders and ensure that the observations from periodic assessments are accurate and complained.

· Collection and consolidation of data required for monthly /quarterly /Half yearly / yearly - Report submissions / any other compliance reports as required by RBI and its appointed organizations / entities.

· Submit periodic reports / data pertaining to India operations as required by Information Security section, Head office including Bank’s defined internal KRI’s.

· Ensure threats and mitigation measures are correctly populated into the threat register with accurate estimated dates of compliance and threat ratings as per group’s methodology.

· Participate actively during internal/external audits and regulatory reviews and ensure implementation of remediation actions on account of the findings reported.

· Participate in the development and implementation of the Bank's information security policies and procedures and ensure their timely update considering changing circumstances/ best practices/ Regulatory directives.

· Assist the Group Chief Information Security Officer and work closely with the India IT / ITD at Head office on the design and development of Information security or disaster recovery systems.

· Development and implementation of an ongoing risk assessment program targeting information security and privacy matters, and recommend methods for vulnerability detection and remediation and oversee vulnerability testing related to India operations.

· Liaise with the Business Continuity Management section, Head office & India IT operations in preparing the organization's disaster recovery and business continuity plans related to information systems.

· Maintain highest standards of confidentiality, professional conduct, ethics and integrity in the provision of services in the section.

· Implement regular online/classroom training programs on information security awareness and conduct effectiveness test for India Operations.

· Perform all operational activities as assigned by the reporting authorities, in compliance with local regulations, Doha Bank’s policies and units/departments approved policies and procedures.

· Support the reporting authorities in on ground implementation of the procedural control measures identified through audit, risk and compliance observations.

· Support in periodically reviewing and updating the RCSAs pertaining to the processes executed within the unit with identified risks and areas for improvement. Also, ensure adherence to the controls defined in the RCSA.

· Support in timely rectification of observations / gaps identified by audit, compliance and risk. · Contribute to the amendments of policies and procedures within the unit, as and when needed.

Chief Information Security Officer (CISO) & Head of Cybersecurity Practice

Location: Gurgaon, India Experience: Minimum 10 years of progressive experience in cybersecurity leadership roles Type: Full-time, Leadership Role

Level: Director or Sr. Director

About Incedo

Incedo is a US-based consulting, analytics, and technology services firm helping our clients achieve competitive advantage through end-to-end digital transformation. We bring in a unique combination of Consulting, Data/AI, and Digital Technologies to solve complex business problems for its global set of marquee clients. With offices across the US, Canada, Mexico, and India, and over 4,000 employees globally, we operate at the cutting edge of data, design, and technology. Our core verticals include Telecom, Banking & Payments, Wealth Management, Hi-Tech/Product Engineering, Life Sciences/Pharma/Healthcare.

Our unique value lies in blending strong engineering, data science, and experience design capabilities with deep domain expertise, enabling us to deliver significant business impact using emerging technologies.

Job Summary: The Chief Information Security Officer (CISO) is responsible for developing, implementing, and overseeing the security strategy for an IT outsourcing company. The CISO will ensure the security, integrity, and compliance of client and internal IT systems while mitigating cybersecurity risks. This role involves working closely with clients, regulatory bodies, and internal teams to implement best security practices and maintain compliance with industry standards.

Key Responsibilities:

Strategic Leadership

•

Develop and implement a comprehensive cybersecurity strategy aligned with business objectives.

•

Lead the information security function to protect company and client data from cyber threats.

•

Establish policies, procedures, and frameworks to secure IT infrastructure and outsourced services.

Security Governance & Compliance

•

Ensure compliance with industry regulations, such as ISO 27001, SOC 2, GDPR, HIPAA, and other applicable security frameworks.

•

Conduct regular security audits and risk assessments to identify vulnerabilities and implement corrective actions.

•

Establish security governance frameworks and ensure adherence to global best practices in IT security.

•

Work with legal and compliance teams to assess security risks in contracts and SLAs with clients.

Risk Management & Incident Response

•

Identify, assess, and mitigate security risks related to IT outsourcing operations.

•

Develop, implement, and test incident response plans to address security breaches and cyber threats.

•

Monitor and analyse security incidents, ensuring timely resolution and documentation.

•

Lead disaster recovery and business continuity planning efforts.

Security Architecture & Technology

•

Define and oversee the implementation of security architecture for outsourced IT services.

•

Collaborate with IT teams to integrate security into DevOps, cloud services, and application development.

•

Evaluate and implement advanced cybersecurity tools and threat intelligence solutions.

•

Ensure security best practices in network, endpoint, and data protection for client engagements.

•

Implement secure email gateways, DMARC, DKIM, and SPF protocols to prevent email spoofing and phishing attacks.

•

Deploy and manage advanced endpoint security solutions, including next-gen antivirus (NGAV) and behavioural analytics.

•

Monitor and enhance web application firewall (WAF) solutions to prevent application-layer attacks.

•

Strengthen security posture with zero-trust architecture, data loss prevention (DLP), and privileged access management (PAM).

Client & Stakeholder Engagement

•

Act as a trusted advisor for clients on cybersecurity and data protection matters.

•

Provide security guidance and assurance during client onboarding and ongoing engagements.

•

Educate clients on emerging threats and security measures to safeguard their IT assets.

•

Collaborate with sales and pre-sales teams to address security concerns in RFPs and proposals.

Team Development & Security Awareness

•

Build and lead a high-performing cybersecurity team within the organization.

•

Develop and deliver security awareness training programs for employees and outsourced IT teams.

•

Foster a culture of cybersecurity awareness across all levels of the organization.

Required Skills & Expertise

Comprehensive Expertise in Cybersecurity Tools & Platforms:

Demonstrated hands-on experience with a wide range of advanced cybersecurity technologies including Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM) systems like Splunk and Microsoft Sentinel, Data Loss Prevention (DLP), Identity and Access Management (IAM), Web Application Firewalls (WAF), Firewalls, and Cloud Access Security Brokers (CASB). The CISO must be adept at selecting, implementing, and optimizing these tools to secure both internal and client-facing environments.

Leadership in Cybersecurity Transformation:

Proven track record of conceptualizing and leading enterprise-wide cybersecurity transformation programs, ensuring alignment with business goals, industry regulations, and emerging threat landscapes. This includes modernizing security architectures, redefining incident response frameworks, and embedding security into the company’s digital transformation journey.

Cloud Security Mastery:

In-depth knowledge of cloud security frameworks and implementation across major platforms such as AWS, Microsoft Azure, and Google Cloud Platform (GCP). The candidate should be capable of enforcing security controls in hybrid and multi-cloud environments, including workload protection, cloud-native controls, encryption, and identity governance.

DevSecOps & Infrastructure Security:

Strong understanding and practical application of DevSecOps principles, infrastructure security, and the secure software development lifecycle (SSDLC). The CISO must be able to embed security automation and compliance checks into CI/CD pipelines and promote secure coding practices.

Audit & Compliance Management:

Significant hands-on experience managing internal and third-party audits, overseeing regulatory inspections, and conducting enterprise risk assessments. Familiarity with compliance frameworks such as ISO 27001, SOC 2, GDPR, HIPAA, and other relevant standards for IT outsourcing firms is essential.

Incident & Crisis Management:

Demonstrated ability to lead cross-functional teams during critical security incidents, including managing the technical response, external communications, legal implications, and post-incident reviews. Experience handling data breaches and ransomware attacks with minimal disruption is a strong plus.

Cybersecurity Analytics & Threat Intelligence:

Expertise in utilizing cybersecurity analytics platforms and threat intelligence tools such as Qualys, Tenable, and commercial/government feeds to proactively detect, investigate, and respond to advanced threats.

Executive-Level Communication:

Excellent ability to communicate complex security concepts and risks clearly and effectively to C-suite executives, board members, clients, and regulators. Should be capable of creating board-level reports, security dashboards, and business-aligned risk assessments.

Educational & Professional Qualifications

Academic Background:

A bachelor’s degree in engineering, Computer Science, Information Systems, or a related technical discipline is required. A Postgraduate Degree or MBA is preferred to ensure a balanced perspective between business and technical leadership.

Certifications:

Possession of industry-recognized certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information

Systems Control), or CCSP (Certified Cloud Security Professional) is essential, highlighting a commitment to professional excellence and continuing education in the field.

Soft Skills & Core Competencies

•

Visionary Leadership: Builds and mentors high-performing, globally distributed cybersecurity teams; fosters innovation and accountability

•

Strategic Execution: Balances long-term security vision with hands-on execution to drive measurable business outcomes

•

Analytical Risk Management: Proactively identifies threats and mitigates risks using a data-driven, practical approach

•

Ethical Leadership: Operates with integrity and transparency, ensuring compliance with all legal and regulatory standards

•

Crisis Resilience: Remains calm and decisive under pressure, effectively managing incidents and audits

•

Clear Communication: Simplifies complex technical issues for stakeholders; excels in documentation and board-level reporting

Why Join Us?

This is a high-impact leadership role at a pivotal moment in our growth. You will shape how we scale our product ecosystem, modernize engineering practices, and deliver value across business verticals. Join a collaborative, forward-looking team that values innovation, autonomy, and bold thinking.