Job description

The role involves safeguarding the organization's information assets through governance, risk management, and compliance, focusing on aligning with regulatory requirements and industry standards. Key responsibilities include managing risk, overseeing ISO/IEC 27001 certification, conducting third-party risk management, and designing cybersecurity control frameworks.

Responsibility

• Develop, implement, and manage a comprehensive risk management program to identify, assess, and mitigate cybersecurity risks across IT systems and processes.
• Continuously monitor the risk landscape, ensuring effective implementation and maintenance of mitigation strategies, while reporting on compliance with relevant laws, regulations, and industry standards.
• Lead audits and assessments to verify cybersecurity compliance, providing remediation guidance for identified gaps, and staying up to date with regulatory changes.
• Implement and maintain cybersecurity controls and frameworks, including NIST CSF, NIST 800-53, ISO/IEC 27001, and IT General Controls (ITGCs), ensuring alignment with industry standards and organizational needs.
• Manage the organization’s ISO/IEC 27001 certification process, including the development and maintenance of an Information Security Management System (ISMS), conducting internal audits, gap analyses, and preparing for external audits.
• Develop and manage a third-party risk management program, including due diligence, risk assessments, and collaboration with other departments to ensure vendors meet cybersecurity requirements and contracts include appropriate clauses.
• Oversee digital payment system security, ensuring compliance with industry standards like PCI-DSS, and collaborate with service providers and internal teams to protect against cybersecurity threats.
• Design, document, and regularly update a cybersecurity control framework that complies with relevant industry standards and regulatory requirements (e.g., NIST, ISO/IEC 27001, CIS, PCI DSS, RBI, SEBI, IRDA, DPDPA, GDPR, DORA).
• Conduct workshops with senior stakeholders to appraise them of cybersecurity frameworks and control requirements, ensuring continuous improvement of the organization’s cybersecurity posture.

Qualifications

• Bachelor’s degree in information technology, Computer Science, or a related field (or equivalent experience).
• 8-10 years of experience in information security, cyber security compliance, risk assessment or a similar role.
• Good understanding of IT control frameworks (PCI DSS, NIST, COBIT, ITIL, CSF, ISO 27001, ITIL, COSO etc.).
• Good understanding and Indian and global cyber security regulations.
• Strong analytical and problem-solving skills.
• Excellent communication and documentation skills.
• Ability to work independently and as part of a team.
• Experience with risk management, compliance, and audit processes.