NB: Recruiting for a scheduled commercial bank

Job Title: Senior Resource Information Security

Minimum 15 years in BFSI

Employment Type: Full-Time

Location Thrissur

Job Summary:

We are looking for a highly skilled Deputy CISO Information Security with at least 10 years of experience in BFSI to lead risk management, compliance, and security operations. The ideal candidate should have hands-on experience in designing and implementing banking security architecture, DC/DR, network security, and ensuring compliance with RBI, SEBI, UIDAI, and other regulatory bodies. Key Responsibilities:

Develop & enforce security policies, procedures, and frameworks (NIST, ISO 27001, PCI DSS).

Ensure regulatory compliance with RBI, SEBI, UIDAI, NPCI, ITGC, and risk management frameworks.

Provide strategic direction and leadership in the planning, development, and implementation of enterprise-wide cybersecurity initiatives.

Oversee the identification, assessment, and mitigation of cybersecurity risks, ensuring compliance with industry standards and regulations.

Collaborate with cross-functional teams, including engineering, to integrate cybersecurity best practices into the design and implementation of new technologies and systems. Lead and manage a team of cybersecurity professionals, providing mentorship, guidance, and support to enhance the overall security posture of the organization.

Conduct regular security assessments, audits, and penetration testing to identify vulnerabilities and weaknesses in the organization's IT and OT infrastructure.

Communicate effectively with senior management, board members, and other stakeholders to report on the organization's cybersecurity posture, initiatives, and ongoing risk management efforts.

Ensure compliance with relevant cybersecurity standards, regulations, and industry best practices, and participate in audits and compliance assessments as require

Lead regulatory audits and collaborate with internal/external stakeholders.

Conduct cyber drills to assess and improve incident response capabilities.

Manage SIEM, DLP, XDR, SOC operations, and threat intelligence.

Oversee DC/DR design & implementation, network & security architecture for banking systems.

Ensure security of OS, applications, APIs, ATM/CARD, switch, BBPS, CBS, mobile apps, cloud security, DC/DR controls.

Lead VA/PT (OWASP), third-party/vendor security audits, and risk assessments.

Conduct security awareness programs and training for teams.

Mentor and manage a team of 6-10 cybersecurity professionals, fostering a security-first culture

Ensure compliance with SOC 2 audits and RBI regulations, particularly in the financial sector.

Manage Governance, Risk, and compliance (GRC) processes and tools.

Implement and manage Information Security Management System (ISMS) aligned with ISO 27001/27002 standards.

Education:

BTech/MCA/MTech in Computer Science, IT or related field.

Certifications (Preferred):

ISO 27001 LA/LI, ISO 31000, CISA, CISM, CISSP, ITIL.

Qualifications & Skills

Minimum 10 years experience in information security department of the bank leading the team and handling regulatory audits (RBI, SEBI, UIDAI, etc.).

In-depth knowledge of banking security infrastructure, DC/DR, cloud security, and application security.

Hands-on experience in designing & implementing banking security architecture.

Strong leadership, analytical, and stakeholder management skills.

Proven experience in SOC 2 compliance and cybersecurity operations.

In-depth knowledge of RBI regulations, data protection, and global privacy laws

Experience in managing cybersecurity programs in global markets (India, US, Middle East).