We are seeking an experienced Chief Information Security Officer (CISO) to lead our company's information security strategy and operations. You will be responsible for establishing and maintaining a strong security posture, protecting our information assets, managing cyber risks, and ensuring compliance with all relevant regulations, particularly those mandated by SEBI. This is a senior leadership role vital to safeguarding our business.
Key Responsibilities:
- Security Strategy & Policy: Lead the development, implementation, and ongoing review of the company's information security strategy, policies, and standards, ensuring alignment with business objectives and regulatory demands.
- Compliance & Governance: Ensure demonstrable compliance with relevant Indian laws and regulations, including SEBI's cybersecurity framework, the IT Act (2000), the DPDP Act (2023), and CERT-In directives.
- Risk Management: Oversee the information security risk management program, including regular risk assessments, vulnerability management, and remediation planning.
- Security Operations: Manage security operations, including oversight of security monitoring (SOC activities), threat detection, and prevention measures.
- Incident Management: Lead the security incident response process, including planning (the Cyber Crisis Management Plan, CCMP), handling, root cause analysis (RCA), and reporting to management and regulators as required.
- Audits & Testing: Manage internal and external security audits, including VAPT (Vulnerability Assessment and Penetration Testing), ensuring they are conducted by appropriately qualified auditors (e.g., CERT-In empaneled) as per SEBI guidelines. Oversee timely closure of findings.
- Data Security: Implement and manage controls to protect company and customer data, including data classification, encryption, and access management.
- Vendor Risk Management: Assess and manage cybersecurity risks associated with third-party vendors and service providers.
- Training & Awareness: Develop and promote a security-conscious culture through awareness programs and role-specific training.
- Reporting & Communication: Regularly report on security posture, risks, incidents, and compliance status to senior leadership and the Board. Liaise with regulatory bodies as needed.
Qualifications & Experience:
- Bachelor's degree in Computer Science, Information Security, or a related technical field. A Master's degree is a plus.
- Minimum 10 years of experience in information security or IT risk management, with significant experience in a leadership role.
- Strong knowledge of information security domains, principles, and technologies.
- Deep understanding of cybersecurity frameworks (e.g., ISO 27001, NIST CSF).
- Proven experience ensuring compliance with Indian regulations, specifically SEBI requirements, IT Act, DPDP Act, and CERT-In guidelines.
- Hands-on experience managing security audits, VAPT programs, and incident response.