
Key Responsibilities:
1. Governance & Policy
- Govern the lifecycle of security exceptions, deviations, compensating controls, and risk sign-offs.
- Oversee and maintain the Policy Exception Management framework and structured repository.
- Ensure policies, standards, and procedures are aligned with regulatory updates and industry best practices.
2. Cyber Risk Management
- Own the enterprise cyber risk taxonomy, KRIs, risk heatmaps, and dashboards aligned with regulatory bodies (e.g., RBI, IRDAI, CERT-In).
- Lead periodic control reviews for high-risk and emerging-risk domains.
- Monitor residual risks, track remediation plans, and drive timely closure with Technology, Security Operations, IT Infrastructure, and Business Units.
- Perform thematic risk reviews, scenario analyses, and maturity assessments against global frameworks (e.g., NIST CSF, ISO 27001, CIS).
3. Compliance & Audit
- Govern and facilitate threat landscape reviews, ensuring controls evolve to mitigate modern attack vectors.
- Manage regulatory reporting and ensure continuous adherence to legal, regulatory, and contractual cyber obligations.
- Act as the Subject Matter Expert for internal and external audits related to cybersecurity risk and governance.
- Ensure timely closure of audit findings and regulatory observations.
4. Incident Response & Business Continuity
- Collaborate with SOC, IR, and Cyber Resilience teams to maintain and enhance incident response and recovery capabilities.
- Provide second-line oversight for business continuity (BCP) and disaster recovery (DR) planning, testing, and assurance.
- Review cyber incident trends, root-cause analyses, and lessons learned.
5. Stakeholder Engagement & Reporting
- Partner with Technology, Legal, Enterprise Risk, Compliance, and Business Units to embed cybersecurity controls and risk practices into business processes.
- Deliver clear, data-driven cyber risk insights and dashboards to senior management, Risk Committees, and Board sub-committees.
- Drive enterprise awareness on cyber risk, regulatory expectations, and governance protocols.
Experience
- Minimum 15+ years of total professional experience, with at least 12 years in cybersecurity governance or cyber risk management.
- Strong experience in the BFSI sector (Banking, Financial Services, Insurance) is highly preferred.
- Hands-on familiarity with regulatory guidelines, cyber risk frameworks, and security technologies.
Skills & Competencies
- Strong understanding of enterprise technology stacks, cloud environments, identity and access management, vulnerability management, and data security controls.
- Deep knowledge of cyber risk methodologies, control frameworks, and security assurance practices.
- Excellent verbal and written communication; ability to simplify complex cyber topics for executive stakeholders.
- Strong governance mindset with the ability to influence, challenge, and drive accountability across all organizational levels.
- Analytical and strategic thinker with robust problem-solving abilities.