Information Security Lead

NB: "Recruiting for a scheduled commercial bank"Job Title: Senior Resource – Information SecurityMinimum 15 years in BFSI Employment Type: Full-Time Location – Thrissur Job Summary: We are looking for a highly skilled Deputy CISO – Information Security with at least 10 years of experience in BFSI to lead risk management, compliance, and security operations. The ideal candidate should have hands-on experience in designing and implementing banking security architecture, DC/DR, network security, and ensuring compliance with RBI, SEBI, UIDAI, and other regulatory bodies. Key Responsibilities: - Develop & enforce security policies, procedures, and frameworks (NIST, ISO 27001, PCI DSS). - Ensure regulatory compliance with RBI, SEBI, UIDAI, NPCI, ITGC, and risk management frameworks. - Provide strategic direction and leadership in the planning, development, and implementation of enterprise-wide cybersecurity initiatives. - Oversee the identification, assessment, and mitigation of cybersecurity risks, ensuring compliance with industry standards and regulations. - Collaborate with cross-functional teams, including engineering, to integrate cybersecurity best practices into the design and implementation of new technologies and systems. - Lead and manage a team of cybersecurity professionals, providing mentorship, guidance, and support to enhance the overall security posture of the organization. - Conduct regular security assessments, audits, and penetration testing to identify vulnerabilities and weaknesses in the organization’s IT and OT infrastructure. - Communicate effectively with senior management, board members, and other stakeholders to report on the organization’s cybersecurity posture, initiatives, and ongoing risk management efforts. - Ensure compliance with relevant cybersecurity standards, regulations, and industry best practices, and participate in audits and compliance assessments as require - Lead regulatory audits and collaborate with internal/external stakeholders. - Conduct cyber drills to assess and improve incident response capabilities. - Manage SIEM, DLP, XDR, SOC operations, and threat intelligence. - Oversee DC/DR design & implementation, network & security architecture for banking systems. - Ensure security of OS, applications, APIs, ATM/CARD, switch, BBPS, CBS, mobile apps, cloud security, DC/DR controls. - Lead VA/PT (OWASP), third-party/vendor security audits, and risk assessments. - Conduct security awareness programs and training for teams. - Mentor and manage a team of 6-10 cybersecurity professionals, fostering a security-first culture - Ensure compliance with SOC 2 audits and RBI regulations, particularly in the financial sector. - Manage Governance, Risk, and compliance (GRC) processes and tools. - Implement and manage Information Security Management System (ISMS) aligned with ISO 27001/27002 standards. Education: BTech/MCA/MTech in Computer Science, IT or related field. Certifications (Preferred): ISO 27001 LA/LI, ISO 31000, CISA, CISM, CISSP, ITIL. Qualifications & Skills - Minimum 10 years’ experience in information security department of the bank leading the team and handling regulatory audits (RBI, SEBI, UIDAI, etc.). - In-depth knowledge of banking security infrastructure, DC/DR, cloud security, and application security. - Hands-on experience in designing & implementing banking security architecture. - Strong leadership, analytical, and stakeholder management skills. - Proven experience in SOC 2 compliance and cybersecurity operations. - In-depth knowledge of RBI regulations, data protection, and global privacy laws - Experience in managing cybersecurity programs in global markets (India, US, Middle East).