Chief Information Security Officer - BFS

Chief Information Security Officer

Role & responsibilities:

- The CISO shall be responsible for driving cyber security strategy and ensuring compliance to the extant regulatory / statutory instructions on information/ cyber security. They will be responsible for enforcing the policies that a regulated entity uses to protect its information assets apart from coordinating information / cyber security related issues within the regulated entity as well as with relevant external agencies. They should have good exposure and knowledge of presenting updates to Board Members and have prior experience of managing teams.

- Define Information Security Roadmap for the organization with a futuristic vision.

- Lead, Implement and Review Hardware, Network and Software Security Standards and Security Controls within the Organization, to protect systems, data and assets from both internal and external threats and prevent information and data loss/frauds.

- Identify and Implement Security Assessment and Testing Processes across the organization, including but not limited to Penetration Testing, Secure Software Development, Vulnerability Management etc.

- Identify Best Security Products/Tools for various purposes and implementation of same.

- Proactively Monitor and identify Security Issues and potential threats, new vulnerabilities/threats and continuously improve security standards within the organization

- Implement and lead Security Assessment practices including Security Audits, Information Security Reviews etc

- Provide strategic risk guidance and consultation for IT Projects, including security risk assessment of Implementation Architecture, technical standards, and protocols.

- Real-time analysis, investigations, and forensics, if a need arises and ensure to avoid and strengthen security measures.

- Developing strategies to handle security incidents and trigger investigation. Regular Stakeholder communication on Information and Data Security Practices and Activities.

- Creating and implementing a strategy for the deployment of information security technologies and solutions to minimize the risk of cyber-attacks.

- Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement.

- Ensuring compliance with the latest regulations and compliance requirements.

- Developing and implementing business continuity plans.

Preferred candidate profile:

- Engineering Graduate/ Post-Graduate in related field such as Computer Science, IT, Electronics and Communications or a Cyber Security related field.

- Minimum 13 years of experience in risk management, information security, or cyber security.

- Experience in financial forecasting and budget management.

- Strong knowledge of information security management frameworks, such as ISO/IEC 27001 and NIST.

- Good Understanding of DevSecOps , Secure SDLC, Security Automation, Security Testing Concepts, DR & BCP Concepts

- Certifications such as CISSP, CEH, CISA and CISM along with deep implementation experience will be an added advantage.

- Prior knowledge/exposure working for Payments/Banking/Fintech domains is essential.