Cyber Security Officer

Job Title: Cyber Security Officer – Compliance, Risk & Cryptography

Location: Chennai

Experience Level: 8+ years

Department: Information Security / Risk & Compliance

Reports To: Chief Information Security Officer (CISO) / Head of Security Governance

Position Overview

We are seeking a seasoned Cyber Security Officer to lead and maintain our organization's information security, compliance, and cryptographic infrastructure.

The ideal candidate will bring deep expertise in PCI DSS, ISO 27001, SOC 1 & 2, and privacy-related standards, combined with a strong understanding of SAMA Cyber Security Framework (CSF), NCA ECC and CCC, and Sarie security controls.

This role will drive cybersecurity strategy, governance, and architecture, ensuring the organization's systems, data, and payment infrastructure remain secure, compliant, and resilient to emerging threats.

Key Responsibilities

Information Security Governance & Strategy

• Develop and maintain the organization's cybersecurity strategy, roadmap, and governance framework.
• Define, implement, and maintain security policies, standards, and procedures in alignment with international best practices (ISO, PCI, NIST).
• Lead risk assessments, gap analyses, and develop mitigation strategies across business units.
• Oversee internal and external cybersecurity audits and coordinate responses and remediation.
• Report key risk and compliance metrics to executive management and regulatory stakeholders.

Compliance & Certifications

• Maintain and ensure ongoing compliance with:
• PCI DSS (including PCI PIN and P2PE)
• ISO 27001, SOC 1 & SOC 2, ISO Privacy Information Management)
• SAMA Cyber Security Framework (CSF) and NCA ECC/CCC
• Sarie and UAE Central Bank regulatory requirements
• Oversee audit readiness, manage evidence collection, and coordinate with QSA and internal audit teams.
• Drive continuous improvement in security maturity and compliance posture.

Cryptography & Key Management

• Manage HSM operations, cryptographic key generation, rotation, and destruction procedures in compliance with PCI PIN and PCI DSS.
• Maintain Key Management Systems (KMS) and enforce strict segregation of duties and dual control mechanisms.
• Develop and review Key Management Policies (KMP) and ensure secure storage, handling, and lifecycle documentation.
• Support encryption architecture, ensuring data confidentiality and integrity across systems and payment channels.

Cybersecurity Architecture & Operations

• Define and maintain cybersecurity architecture and ensure integration of secure design principles across IT and fintech platforms.
• Collaborate with infrastructure, DevOps, and product teams to embed security by design in new systems and applications.
• Evaluate and implement security tools such as SIEM, DLP, IAM, EDR, and vulnerability management solutions.
• Lead incident response and root cause analysis (RCA) for major security events and ensure lessons learned are institutionalized.

Internal Audit & Risk Management

• Conduct periodic internal audits of critical systems, data flows, and control environments.
• Identify control gaps and lead remediation plans in coordination with technology and compliance teams.
• Support third-party risk assessments, ensuring vendors adhere to corporate and regulatory security standards.

Required Skills & Qualifications

• Bachelor's degree in information security, Computer Science, or related field
• 8+ years of experience in cybersecurity, compliance, and information security governance, preferably in fintech, banking, or payment processing.
• Proven expertise in maintaining compliance with PCI DSS, PCI PIN, ISO 27001, SOC 1 & 2, ISO 27701, and related privacy standards.
• Strong working knowledge of SAMA CSF, NCA ECC/CCC, and Sarie frameworks in the GCC context.
• Hands-on experience with HSMs (Thales, Utimaco, SafeNet, etc.), cryptographic key management, and secure key ceremonies.
• Familiarity with cybersecurity architecture, risk management, and threat mitigation frameworks (NIST CSF, CIS, ISO
• Strong understanding of network security, encryption standards, incident response, and vulnerability management.
• Excellent communication, leadership, and stakeholder management skills.

Preferred Qualifications

• Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer / Auditor, PCI ISA / QSA.
• Experience working with financial regulators in the GCC and managing multi-audit environments.
• Exposure to Cloud Security (ISO 27017/27018, CSA CCM) and privacy regulations (GDPR, DIFC, ADGM DP Law).
• Strong presentation and executive reporting capabilities.

Key Performance Indicators (KPIs)

• Audit and certification renewal success rate (PCI DSS, ISO, SOC, etc.)
• Security incident rate reduction and MTTR (Mean Time to Resolve)
• Compliance gap closure and risk mitigation timelines
• Security architecture and roadmap maturity level improvements
• Stakeholder satisfaction and regulatory compliance audit outcomes