5,109 Ciso jobs in India
Chief Information Security Officer (CISO)
Posted today
Job Description
Security Operations Specialist
Description
We are seeking a highly skilled Security Operations Specialist to join our team. As a key member of our team, you will be responsible for delivering high-quality security services to our clients.
The ideal candidate will have a strong background in information security auditing, assessment, and consulting, with a focus on IT General Controls (ITGC) and Service Organization Control (SOC) controls.
You will work closely with our clients to understand their security needs and develop customized solutions to address those needs. Your expertise in Schellman's services, methodology, and relevant professional standards will be essential in providing exceptional service to our clients.
In addition to your technical skills, you will possess excellent communication and interpersonal skills, allowing you to effectively collaborate with our team members and clients. Your ability to work independently and as part of a team will also be critical in meeting the demands of this role.
If you are a motivated and detail-oriented individual with a passion for information security, we encourage you to apply for this exciting opportunity.
Required Skills and Qualifications
- Bachelor's degree in accounting, finance, business management, technology, or other relevant subject area
- 2+ years of related professional services experience in information security auditing, assessment, consulting or compliance, focused on ITGC or SOC controls
- Ability to work well independently, within a team and with clients as well as travel ~40-50%
- Maintains (preferred) or is working towards obtaining at least one certification relevant to Schellman's services (i.e. CPA, CCSK or CISA)
This is an excellent opportunity to join a dynamic team and contribute to the growth and success of our organization. You will have the chance to work with a talented group of professionals who share your passion for information security.
We offer a competitive compensation package that includes salary, bonuses, and benefits such as health insurance, retirement plans, and paid time off. Additionally, you will have access to ongoing training and development opportunities to help you advance your career.
Others
Please note that this job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications required of the position.
We are an equal opportunities employer and welcome applications from diverse candidates.
Chief Information Security Officer (CISO)
Posted today
Job Description
iServeU is Asia’s leading banking infrastructure platform provider enabling financial enterprises to offer embedded banking services to their end customers. iServeU is one of the few certified partners with National Payment Corporation of India (NPCI), VISA for various products.
iServeU also provides a cloud-native, microservices-enabled, distributed platform with over 5000 possible product configurations with a low code/no code interface to banks, NBFCs, Fintech, and other regulated entities.
- We process around 2500 transactions per second by leveraging distributed & auto scale technology like K8.
- Our core platform combines 1200+ microservices.
- Our customer list includes Fintech start-ups, top tier private banks to PSU bank. We operate in five countries and help customers constantly change the way financial institutions operate and innovate.
- Our solutions currently empower over 20 banks and 250+ enterprises across India and abroad.
- Our platform seamlessly manages the entire transaction lifecycle, including withdrawals, deposits, transfers, payments, and lending through various channels like digital, branch, agents.
Our team of 500+ employees, with over 80% in technology roles, is spread across offices in Bhubaneswar, Bangalore and Delhi. We have raised $8 million in funding to support our growth and innovation.
For more details visit:
Job Description:
The Chief Information Security Officer (CISO) is a senior-level management position responsible for overseeing an organization’s information security. The CISO will be the head of the information security department.
Job Brief:
We’re looking for a Chief Information Security Officer to lead and oversee our organization’s information security program. This includes developing and implementing security policies and procedures, managing security technologies and overseeing security awareness training. The ideal candidate will have extensive experience in information security, including experience with security risk management, incident response and forensics.
Chief Information Security Officer (CISO) Duties:
Chief Information Security Officer (CISO) Responsibilities:
Deputy Chief Information Security Officer (CISO)
Posted today
Job Description
**Exp:3+ yrs**
**Responsibilities**
**Working with all business units to determine possible risks and risk management processes.**
**Business development planning and acquiring the correct technology.**
**Analyzing IT security threats in real-time and mitigating these threats.**
**Ensuring that newly-acquired technology complies with the IT security regulations.**
**Planning, designing, and implementing an IT and network strategy for the company.**
**Managing the continuous maintenance of the IT network to ensure optimum security levels are maintained.**
**Sourcing the necessary hardware and software to implement the IT strategy, and negotiating contracts.**
**Ensuring that no internal breaches or misuse of data take place.**
**Determining the cause of internal and external data breaches and instituting appropriate corrective action.**
**Presenting regular feedback reports on IT network security to the board of directors.**
**Requirements and skills**
**A bachelor's degree in computer science, information technology, or a related field. An MBA is preferable.**
**A minimum of 6+ years' experience in risk management, information security, or programming.**
**Knowledge of information security management frameworks, such as ISO/IEC 27001 and NIST.**
**Should have experience in GRC, VAPT and SOC**
**Experience in financial forecasting and budget management.**
**Outstanding negotiation skills for negotiating contracts and IT support services to be rendered.**
**Excellent understanding of current legislation and regulations relevant to our organization.**
**Excellent project management and leadership skills.**
**First-rate written and verbal communication skills.**
**Salary**: ₹800,000.00 - ₹1,000,000.00 per year
Schedule:
- Flexible shift
CISO - Credit agency
Posted today
Job Description
About Our Client
One of the major credit agencies in India
Job Description
Oversee a local team of Information Security professionals with diverse skillsets and focus areas
Serve as SME to the executive management and Board of Directors regarding cyber security practices and risk management
Identify risks to sensitive data and establish methods for mitigation and reduction of risk
Drive implementation of best practices in the areas of risk and data protection and monitor compliance to such processes
Build and maintain strong and effective relationships with business stakeholders and teams to ensure adherence to IT security policies and strategies
Represent the organization's Information Security in internal and regulatory audits
The Successful Applicant
Chief Information Security Officer
Posted today
Job Description
Chief Information Security Officer
Posted 12 days ago
Job Description
ROLE SUMMARY
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the organization's vision, strategy, and programs to ensure that information assets and technologies are adequately protected.
This role involves overseeing the implementation of comprehensive information security policies, risk management strategies, and compliance with regulatory standards to safeguard the organization's data, systems, and operations against evolving cyber threats.
KEY RESPONSIBILITIES
Strategic Planning
- Develop, implement, and monitor a comprehensive enterprise-wide information security and IT risk management program.
- Seek top management support and direction for implementing information security measures in the organization.
- Identify and set information security goals and objectives in alignment with the organization's business needs and objectives.
- Define the scope and boundaries of the organization's information security program.
- Stay abreast of legal, regulatory, and industry-specific requirements to ensure compliance.
- Plan and establish an organization-wide Information Security Management System (ISMS) in compliance with ISO/IEC 27001 standards and regulatory guidelines (SEBI, RBI, etc).
- Identify, assess, and mitigate information security risks in alignment with business priorities.
- Define information security measurement metrics and other key performance indicators.
- Develop and maintain business continuity, disaster recovery, and incident response plans, ensuring readiness through regular testing.
- Drive awareness and training programs to embed a culture of security within the organization.
- Get approval for information security plan, budget, and resources from top management.
General Planning
- Identify and establish organization-specific information security policies, standards, procedures, guidelines, and processes.
- Define and implement a formal process for creating, documenting, reviewing, updating, and implementing security policies.
- Regularly assess and revise security policies to address evolving threats, business needs, and compliance requirements.
- Define a policy for classification of information and information assets to ensure their appropriate handling and protection.
- Lead and coordinate the development of tailored information security policies, procedures, guidelines, and processes in collaboration with relevant stakeholders across the organization.
- Obtain top management approval for all security policies, procedures, guidelines, and processes.
Information Security Management
- Assist in developing, maintaining, reviewing, and improving a strategic, organization-wide Information Security and Risk Management Plan.
- Develop comprehensive Information Security Policies, Standards, and Guidelines for organization-wide use.
- Enforce the implementation of approved security policies, procedures, guidelines, ISMS, and other frameworks.
- Integrate security considerations into organizational business processes and IT system life cycles (planning, development, and acquisition).
- Issue alerts and advisories regarding new vulnerabilities and threats
- Perform risk assessment steps like: (a) identify and make inventory of assets within the scope of information security plan; (b) identify and document threats to those assets; (c) perform vulnerability analysis; (d) perform impact analysis; (e) evaluate level of risk; (f) determine acceptability or treatment of risk based on risk acceptance criteria.
- Implement automated and continuous monitoring of security incidents.
- Record and remediate information security incidents and breaches.
- Raise information security awareness among management, employees, contractors, and other stakeholders.
- Define and implement change management plan for both the change in information systems and the change in ISMS itself.
- Ensure compliance of information security by contractors/suppliers etc.
- Be responsible for developing the Information System Security Policies, Standards, and guidelines for use throughout the organization.
- Assist business units in the development of specific procedures or guidelines that meet the information security policies for specific products within the business unit.
- Ensure that, when exceptions to the information security policy are necessitated, the risk acceptance process is completed, and the exceptions are reviewed and re-assessed periodically.
- Understand the current information processing technologies, information protection methods and controls and remain current/up to date on the threats against the information assets.
- Encourage the participation of the managers, auditors, insurance staff, legal experts, and the staff members from other disciplines, who can contribute to the information systems security program.
- Review audit and examination reports dealing with information security issues. Be involved in formulating management’s response to the audit findings and follow up to ensure that the security controls and procedures, as required, are implemented within the stipulated time frame.
- Co-ordinate or assist in the investigation of security threats or other attacks on information assets.
- Assist in the recovery of information and information assets from such attacks.
- Assist in responding to security issues relating to the customers, including letters of assurance and suitable responses to questions on information systems security, as and when raised by the customers.
- Ensure security due diligence, risk assessments, and ongoing monitoring of third-party service providers (e.g., technology partners, fintech integrations, cloud vendors).
- Provide regular reports on the state of information security to senior management and the Board.
KEY INTERACTIONS
Internal Stakeholders
- CXOs
- Heads & Leads of Business & Functional Units
- Employees
External Stakeholders
- Third Party Service Providers
- Customers/Users
- Technology Partners
KEY SKILLS & BEHAVIOURAL ATTRIBUTES
Technical Skills:
- Cybersecurity Expertise: A deep understanding of various cybersecurity domains, including network security, application security, cloud security, operations security and incident response.
- Risk Management: The ability to assess, evaluate, and mitigate security risks, including identifying vulnerabilities and prioritizing threats.
- Compliance and Regulations: Knowledge of relevant industry standards, regulations, and compliance frameworks (e.g., RBI, DPDP, PCI DSS).
- Technical Proficiency: Familiarity with security technologies, tools, and platforms, such as firewalls, intrusion detection systems, encryption, and identity and access management.
Leadership and Communication Skills:
- Strategic Thinking: The ability to develop and implement a comprehensive cybersecurity strategy aligned with the organization's business objectives.
- Team Leadership: Leading and motivating a diverse team of security professionals, fostering collaboration, and building a strong security culture.
- Communication Skills: Effective communication with both technical and non-technical stakeholders, including the board of directors, executives, and employees.
- Presentation Skills: The ability to articulate complex security concepts in a clear and concise manner, both verbally and in writing.
- Negotiation Skills: The ability to negotiate with vendors, internal departments, and external stakeholders to achieve security objectives.
Business Acumen:
- Business Understanding: A solid understanding of the organization's business model, operations, and risk tolerance.
- Financial Management: The ability to manage security budgets, allocate resources effectively, and justify security investments.
- Change Management: The ability to drive change within the organization, especially when it comes to implementing new security measures or policies.
Additional Desirable Skills:
- Crisis Management: The ability to respond effectively to security incidents and breaches.
- Vendor Management: The ability to manage relationships with security vendors and service providers.
- Problem-Solving: The ability to identify and resolve complex security issues.
- Continuous Learning: A commitment to staying up-to-date with the latest cybersecurity trends and threats.
EDUCATION / EXPERIENCE
Minimum Qualification:
- A bachelor’s or master’s degree in a relevant field like Computer Science, Information Security, or in a related discipline. Advanced degrees or certifications in Cyber Security, Systems Audit or Risk Management.
Nature of Experience:
- Minimum of 15-20 years of progressive experience in technology, information security, Data Privacy, Compliance and Risk Management in leadership roles.
Chief Information Security Officer
Posted today
Job Description
Location: Thane
Employment Type: Full-Time | Senior Leadership
Department: Security & Compliance
About the Role
We’re looking for an experienced and visionary Chief Information Security Officer (CISO) to lead our company-wide information security strategy. As a key member of the senior leadership team, you’ll be responsible for protecting our systems, data, and applications while aligning security initiatives with our business goals.
This role requires a strong leader with deep technical expertise, a strategic mindset, and a passion for building secure, scalable, and compliant environments—especially within fast-paced, SaaS or technology-driven companies.
Key Responsibilities
Strategic Leadership
Define and drive the overall information security vision, strategy, and roadmap.
Provide executive-level guidance on risk management, compliance, and emerging threats.
Embed security best practices into business operations through cross-functional collaboration.
Risk & Security Program Management
Develop and enforce comprehensive security policies, standards, and procedures.
Lead enterprise-wide risk assessments, threat modeling, and vulnerability analysis.
Monitor and respond to security threats, alerts, and reports in real time.
Incident Response & Recovery
Lead the development and execution of incident response strategies and playbooks.
Oversee security investigations and coordinate cross-functional remediation efforts.
Act as point-of-contact for stakeholders and regulators during security events.
Compliance & Audit
Ensure compliance with frameworks and regulations like ISO 27001, GDPR, SOC 2, etc.
Support internal and external audits, and drive closure of any findings.
Maintain comprehensive documentation of security policies and incident history.
Security Awareness & Culture
Promote a culture of security through ongoing training and awareness programs.
Collaborate with department leaders to ensure security is part of everyday practices.
Technical Leadership
Oversee the implementation and management of tools like SIEM, IDS/IPS, firewalls, and encryption.
Conduct regular penetration testing and vulnerability assessments.
Stay ahead of industry trends and technologies to continually improve defenses.
Application Security Oversight
Partner with engineering teams to integrate security into the SDLC.
Lead secure code reviews, vulnerability assessments, and application threat modeling.
Define and enforce secure coding standards; train teams on AppSec best practices.
What We’re Looking For
Education & Certifications
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
Advanced certifications preferred: CISSP, CISM, OSCP, CEH, or equivalent.
Experience
12+ years in information security, with leadership in enterprise environments.
Strong background in SaaS or technology-led companies.
Proven ability to align security programs with business strategy.
Skills & Competencies
Deep knowledge of security frameworks (NIST, ISO 27001) and compliance standards (GDPR, SOC 2).
Expertise in cloud security (AWS, GCP, or Azure).
Strong communication and leadership skills to influence at all levels.
Hands-on experience with security tools (SAST, DAST, SIEM, IDS/IPS, encryption).
Analytical and data-driven approach to problem-solving.
Why Join Us?
Influence and own the end-to-end security strategy at the highest level.
Work with a collaborative, mission-driven leadership team.
Drive innovation in a high-impact role where security is a top priority.
Chief Information Security Officer
Posted 3 days ago
Job Description
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the organization's vision, strategy, and programs to ensure that information assets and technologies are adequately protected.
This role involves overseeing the implementation of comprehensive information security policies, risk management strategies, and compliance with regulatory standards to safeguard the organization's data, systems, and operations against evolving cyber threats.
KEY RESPONSIBILITIES
Strategic Planning
Develop, implement, and monitor a comprehensive enterprise-wide information security and IT risk management program.
Seek top management support and direction for implementing information security measures in the organization.
Identify and set information security goals and objectives in alignment with the organization's business needs and objectives.
Define the scope and boundaries of the organization's information security program.
Stay abreast of legal, regulatory, and industry-specific requirements to ensure compliance.
Plan and establish an organization-wide Information Security Management System (ISMS) in compliance with ISO/IEC 27001 standards and regulatory guidelines (SEBI, RBI, etc).
Identify, assess, and mitigate information security risks in alignment with business priorities.
Define information security measurement metrics and other key performance indicators.
Develop and maintain business continuity, disaster recovery, and incident response plans, ensuring readiness through regular testing.
Drive awareness and training programs to embed a culture of security within the organization.
Get approval for information security plan, budget, and resources from top management.
General Planning
Identify and establish organization-specific information security policies, standards, procedures, guidelines, and processes.
Define and implement a formal process for creating, documenting, reviewing, updating, and implementing security policies.
Regularly assess and revise security policies to address evolving threats, business needs, and compliance requirements.
Define a policy for classification of information and information assets to ensure their appropriate handling and protection.
Lead and coordinate the development of tailored information security policies, procedures, guidelines, and processes in collaboration with relevant stakeholders across the organization.
Obtain top management approval for all security policies, procedures, guidelines, and processes.
Information Security Management
Assist in developing, maintaining, reviewing, and improving a strategic, organization-wide Information Security and Risk Management Plan.
Develop comprehensive Information Security Policies, Standards, and Guidelines for organization-wide use.
Enforce the implementation of approved security policies, procedures, guidelines, ISMS, and other frameworks.
Integrate security considerations into organizational business processes and IT system life cycles (planning, development, and acquisition).
Issue alerts and advisories regarding new vulnerabilities and threats
Perform risk assessment steps like: (a) identify and make inventory of assets within the scope of information security plan; (b) identify and document threats to those assets; (c) perform vulnerability analysis; (d) perform impact analysis; (e) evaluate level of risk; (f) determine acceptability or treatment of risk based on risk acceptance criteria.
Implement automated and continuous monitoring of security incidents.
Record and remediate information security incidents and breaches.
Raise information security awareness among management, employees, contractors, and other stakeholders.
Define and implement change management plan for both the change in information systems and the change in ISMS itself.
Ensure compliance of information security by contractors/suppliers etc.
Be responsible for developing the Information System Security Policies, Standards, and guidelines for use throughout the organization.
Assist business units in the development of specific procedures or guidelines that meet the information security policies for specific products within the business unit.
Ensure that, when exceptions to the information security policy are necessitated, the risk acceptance process is completed, and the exceptions are reviewed and re-assessed periodically.
Understand the current information processing technologies, information protection methods and controls and remain current/up to date on the threats against the information assets.
Encourage the participation of the managers, auditors, insurance staff, legal experts, and the staff members from other disciplines, who can contribute to the information systems security program.
Review audit and examination reports dealing with information security issues. Be involved in formulating management’s response to the audit findings and follow up to ensure that the security controls and procedures, as required, are implemented within the stipulated time frame.
Co-ordinate or assist in the investigation of security threats or other attacks on information assets.
Assist in the recovery of information and information assets from such attacks.
Assist in responding to security issues relating to the customers, including letters of assurance and suitable responses to questions on information systems security, as and when raised by the customers.
Ensure security due diligence, risk assessments, and ongoing monitoring of third-party service providers (e.g., technology partners, fintech integrations, cloud vendors).
Provide regular reports on the state of information security to senior management and the Board.
KEY INTERACTIONS
Internal Stakeholders
CXOs
Heads & Leads of Business & Functional Units
Employees
External Stakeholders
Third Party Service Providers
Customers/Users
Technology Partners
KEY SKILLS & BEHAVIOURAL ATTRIBUTES
Technical Skills:
Cybersecurity Expertise: A deep understanding of various cybersecurity domains, including network security, application security, cloud security, operations security and incident response.
Risk Management: The ability to assess, evaluate, and mitigate security risks, including identifying vulnerabilities and prioritizing threats.
Compliance and Regulations: Knowledge of relevant industry standards, regulations, and compliance frameworks (e.g., RBI, DPDP, PCI DSS).
Technical Proficiency: Familiarity with security technologies, tools, and platforms, such as firewalls, intrusion detection systems, encryption, and identity and access management.
Leadership and Communication Skills:
Strategic Thinking: The ability to develop and implement a comprehensive cybersecurity strategy aligned with the organization's business objectives.
Team Leadership: Leading and motivating a diverse team of security professionals, fostering collaboration, and building a strong security culture.
Communication Skills: Effective communication with both technical and non-technical stakeholders, including the board of directors, executives, and employees.
Presentation Skills: The ability to articulate complex security concepts in a clear and concise manner, both verbally and in writing.
Negotiation Skills: The ability to negotiate with vendors, internal departments, and external stakeholders to achieve security objectives.
Business Acumen:
Business Understanding: A solid understanding of the organization's business model, operations, and risk tolerance.
Financial Management: The ability to manage security budgets, allocate resources effectively, and justify security investments.
Change Management: The ability to drive change within the organization, especially when it comes to implementing new security measures or policies.
Additional Desirable Skills:
Crisis Management: The ability to respond effectively to security incidents and breaches.
Vendor Management: The ability to manage relationships with security vendors and service providers.
Problem-Solving: The ability to identify and resolve complex security issues.
Continuous Learning: A commitment to staying up-to-date with the latest cybersecurity trends and threats.
EDUCATION / EXPERIENCE
Minimum Qualification:
A bachelor’s or master’s degree in a relevant field like Computer Science, Information Security, or in a related discipline. Advanced degrees or certifications in Cyber Security, Systems Audit or Risk Management.
Nature of Experience:
Minimum of 15-20 years of progressive experience in technology, information security, Data Privacy, Compliance and Risk Management in leadership roles.