Deputy Chief Information Security Officer

Experience Required:
10–15 years in Information Security, IT Infrastructure, Governance, Risk & Compliance (GRC)

Position Overview:

The Deputy Chief Information Security Officer (Dy. CISO) will be responsible for
establishing, implementing, and managing the organization's information security strategy, governance framework, and cybersecurity programs
. This includes driving security initiatives across IT infrastructure, cloud environments, applications, and business operations.

The role requires strong expertise in cybersecurity, IT compliance, audits, risk management, vendor governance, and infrastructure security. The Dy. CISO will work closely with senior leadership, department heads, and technology teams to ensure that security controls, policies, and risk frameworks are embedded across the organization.

The Dy. CISO will also lead efforts in incident response, business continuity, network and server security, and regulatory compliance to ensure a robust security posture that aligns with business goals and industry standards.

Key Responsibilities:

1. Information Security Governance & Strategy

• Define, establish, and implement the organization's information security strategy, policies, and control frameworks.
• Ensure alignment with global standards such as ISO 27001, NIST CSF, SOC 2, GDPR, RBI, CERT-In, or industry-specific regulations.
• Conduct periodic reviews of security posture and drive continuous improvement.
• Lead enterprise-wide security awareness and training initiatives.

2. Risk Management & IT Compliance

• Conduct Information Security Risk Assessments (ISRA) and define mitigation strategies.
• Drive compliance with regulatory, contractual, and industry security requirements.
• Lead internal IT audits and prepare the organization for external audits (ISO, SOC 2, PCI-DSS, etc.).
• Maintain documentation of controls, audit evidence, and compliance dashboards.

3. Security Operations & Incident Response

• Oversee security operations including SIEM monitoring, endpoint protection, threat intelligence, and vulnerability management.
• Establish, maintain, and improve Incident Response Procedures (IRP).
• Lead incident handling, investigations, root cause analysis, and post-incident reporting.
• Coordinate with internal teams and external stakeholders during major incidents.

4. IT Infrastructure & Network Security

• Oversee the security of servers, networks, cloud environments, data centers, and virtual environments.
• Ensure timely patching, hardening, and secure configuration of infrastructure components.
• Manage and optimize firewalls, WAF, IDS/IPS, DLP, EDR, access management, and other security technologies.
• Support secure digitization initiatives (e.g., Zoho, SAP) ensuring compliance with security architecture principles
  .

5. Asset & Inventory Security Management

• Manage the complete lifecycle of IT assets including procurement, installation, monitoring, and decommissioning.
• Ensure accurate tracking of hardware, software, licenses, and enforce asset security controls.
• Conduct periodic inventory audits and ensure compliance with internal policies.

6. Vendor & Third-Party Security Management

• Evaluate, onboard, and monitor third-party vendors from a security and compliance perspective.
• Review and negotiate SLAs, security clauses, data protection terms, and risk responsibilities.
• Ensure vendors meet performance, security, and compliance requirements.

7. Business Continuity & Disaster Recovery

• Develop, implement, and periodically test Business Continuity Plans (BCP) and Disaster Recovery (DR) frameworks.
• Coordinate backup strategies and ensure secure backup and restoration processes.
• Lead DR drills, review outcomes, and drive improvements.

8. People Leadership & Technical Oversight

• Provide leadership to IT and security teams responsible for infrastructure management and cybersecurity operations.
• Mentor team members, build capabilities, and drive a strong security culture across the organization.
• Guide teams in complex technical troubleshooting and escalate issues as needed.

9. Reporting & Documentation

• Present regular security status reports, risk dashboards, and audit summaries to senior management.
• Maintain documentation for policies, procedures, architecture diagrams, assets, controls, and incidents.
• Track KPIs, KRIs, and compliance metrics for continuous improvement.

Qualifications & Skills:

• Bachelor's degree in computer science, Information Technology, Cybersecurity, or equivalent.
• Master's degree (MBA/Information Security) is a plus.
• 10–15 years of experience in Information Security, IT Infrastructure, Audits, and Compliance.
• Preferred certifications:
• CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor, CEH, CCSP, ITIL, PMP
  or equivalent.
• Strong understanding of security frameworks (ISO 27001, NIST, CIS Controls).
• Experience in cloud security, vulnerability management, and infrastructure hardening.
• Proven ability to manage multi-vendor environments and large-scale IT/security projects.
• Excellent leadership, communication, and problem-solving skills

Key Skills

• Information Security Governance
• Cybersecurity Strategy & Leadership
• IT Compliance & Audits
• Risk Management (GRC)
• Security Operations & Incident Response
• IT Infrastructure & Network Security
• Vendor & Asset Management
• Business Continuity & Disaster Recovery
• Team Leadership & Stakeholder Collaboration