Chief Information Security Officer

POSITION SUMMARY:

The incumbent will lead the organization's cybersecurity function, overseeing threat monitoring, risk assessment, data protection, and incident response. Responsibilities include designing secure IT architectures, governing identity and access controls, implementing risk-mitigation programs, conducting investigations, and ensuring compliance through effective governance.

KEY ACCOUNTABILITIES/ KEY RESPONSIBILITIES:

Security Operations & Incident Response:

- Oversee a robust Security Operations Center (SOC) functionality, potentially outsourced or augmented by automation, to provide real-time monitoring and analysis of immediate cyber threats targeting the organization's systems and data.

- Develop and implement incident response plans, encompassing procedures for timely detection, containment, eradication, and recovery from security breaches or data loss events.

- Lead and coordinate effective responses to security incidents, minimizing downtime and mitigating potential financial and reputational damage to the organization and its clients.

Cyber Risk Management & Intelligence:

- Proactively identify, assess, and mitigate information security risks across the entire IT ecosystem and business processes, including evaluating the risks associated with emerging technologies and digital transformation initiatives.

- Stay abreast of the evolving cyber threat landscape, including targeted attacks, ransomware, and insider threats, and translate complex technical risks into understandable insights for the leadership team and board of directors.

- Develop and maintain a comprehensive risk management framework, incorporating robust risk assessments, vulnerability management, and continuous monitoring to strengthen the organization's security posture.

Data Loss & Fraud Prevention:

- Implement and enforce data protection policies and controls to prevent unauthorized access, misuse, or exfiltration of sensitive client information and organizational data, whether from external sources or internal staff.

- Employ advanced anti-fraud and anomaly detection systems, including transaction monitoring and behavioural pattern analysis, to safeguard financial assets and preserve client trust.

Security Architecture & Engineering:

- Lead the planning, selection, and implementation of security hardware and software solutions, including designing secure network and IT infrastructure aligned with industry best practices and regulatory compliance.

- Develop and maintain a robust and scalable security architecture that supports the organization's digital transformation initiatives and ensures the security of its expanding digital footprint.

- Regularly review and update security systems to ensure their effectiveness against evolving threats and vulnerabilities, prioritizing a proactive approach to security by design rather than a reactive one.

Identity & Access Management (IAM):

- Design and implement an effective Identity and Access Management (IAM) framework to ensure that only authorized personnel have appropriate access to sensitive data, systems, and client information based on the principle of least privilege.

- Enforce strong authentication mechanisms, including Multi-Factor Authentication (MFA), to minimize the risk of unauthorized access due to compromised credentials.

- Regularly audit and review user access privileges to ensure they remain aligned with job functions and organizational policies, promptly revoking access for departing employees and those changing roles.

Security Program Management:

- Develop and implement a comprehensive security program roadmap, encompassing a structured approach to securing the organization's digital infrastructure and promoting a security-first culture across all departments.

- Lead and manage the security team, fostering a culture of continuous learning and professional development, equipping them with the skills to address emerging security challenges.

- Effectively allocate resources, including budget and personnel, to ensure the successful execution of security initiatives and compliance with regulatory requirements.

Investigations & Forensics:

- Lead and oversee investigations into security incidents and data breaches, determining the root cause, assessing the scope of the breach, and collaborating with internal and external parties as needed.

- Conduct forensic analysis to recover and analyse digital evidence, identifying the attackers' methods and supporting legal proceedings or regulatory reporting as necessary.

- Develop and implement corrective measures and lessons learned from security incidents to prevent future occurrences and strengthen the organization's cyber resilience.

Governance & Compliance:

- Establish and maintain a robust information security governance framework that aligns with the organization's objectives, regulatory requirements (including RBI regulations for Microfinance Companies), and industry best practices.

- Ensure continuous compliance with all applicable laws, regulations, and industry standards, including those related to data protection, privacy, and financial operations.

- Act as the primary point of contact for regulatory bodies and internal/external auditors on all information security matters, ensuring transparency and proactive reporting.

DESIRED PROFILE:

Qualifications and Skills

- Experience: 12+ years of relevant work experience with a bachelor's degree in computer science or related field.

- Should have prior experience in handling Cybersecurity Operations Management, Cyber Risk & Intelligence, Data Protection & Fraud Prevention, Security Architecture, Identity & Access Management, Digital Forensics & Incident Investigation, Governance & Compliance

- Knowledge on RBI regulations related to security is important.

- Cyber Security Certifications are added advantages (CISA, CISSP, CISM)