Assistant Vice President – SOC and Cyber Security Awareness

The role is with a leading NBFC Company.

About the Role

The Assistant Vice President (AVP) – SOC & Cybersecurity Awareness will play a pivotal role in strengthening the organisation's cybersecurity posture. This position involves overseeing Security Operations Centre activities, driving continuous improvement in threat detection and incident response, and leading strategic initiatives to enhance cybersecurity awareness across the enterprise. The AVP will collaborate with cross-functional teams to ensure SOC operations align with regulatory standards, audit requirements, and industry best practices. Additionally, the role includes designing and executing awareness programs that foster a security-first culture among employees, stakeholders, and partners.

Responsibilities

Strategic Program Development & Execution:

• Design and implement a comprehensive cybersecurity awareness and behaviour change program tailored to various internal audiences (executives, employees, contractors, vendors).
• Develop, document, and implement Standard Operating Procedures (SOPs) for SOC operations while continuously refining processes to enhance efficiency and effectiveness.
• Develop an annual awareness calendar including campaigns, phishing simulations, newsletters, security champions initiatives, and gamified learning.
• Align awareness efforts with global security frameworks (e.g., NIST, ISO 27001, CIS), regulatory requirements (e.g., RBI, DPDP), and organisational security strategy.

Content Creation and Communication:

• Create engaging, informative, and easily digestible security-related content (emailers, videos, infographics, playbooks, e-learnings).
• Localise content for cultural and regional relevance across geographies.

Training:

• Develop role-based security training (for developers, IT staff, risk teams, etc.).
• Monitor training completion rates and effectiveness using data analytics.

Phishing Simulations & Metrics:

• Design and manage regular simulated phishing campaigns across business units.
• Analyze and report campaign results, identify risky user groups, and implement targeted follow-ups or remediation training.

Regulatory Compliance:

• Ensure SOC operations remain compliant with evolving regulatory frameworks by staying informed of changes and proactively updating internal controls, policies, and procedures to reflect new requirements.

Audit Management:

• Lead and oversee security audits by ensuring SOC processes align with audit standards and effectively communicate findings and remediation strategies to stakeholders.

Stakeholder Engagement & Culture Building:

• Partner with business units, risk teams, HR, compliance, and IT to embed cyber risk awareness into business-as-usual processes.
• Build and manage a network of security champions or ambassadors.
• Present updates to senior management, audit committees, and regulators as needed.

Qualifications

• Bachelor's degree in information technology, Cybersecurity, Communications, or a related field.
• Certifications preferred: CISM, CISA, CompTIA Security, or similar.

Required Skills

• Cybersecurity knowledge: Understanding of core security principles, threat vectors, and controls.
• Communication expertise: Excellent verbal and written communication with a knack for simplifying complex topics.
• Campaign execution: Experience planning and running large-scale campaigns, events, or training rollouts.
• Analytical mindset: Ability to analyse data from phishing campaigns or learning platforms to improve programs.
• Stakeholder management: Effectively communicating across all organisational levels to ensure timely outcomes.
• Creativity & innovation: Brings fresh ideas to improve engagement and reach.